Cybersecurity firm ReasonLabs cautions: beware of cryptocurrency miners if you’d rather download Spider-Man: No Way Home than see it in theaters.
In a new report, the ReasonLabs research team claims to have found Monero miners attached to Russian torrent files for the new movie, which has grossed more than $750 million worldwide since its release last week.
The miner adds exclusions to Windows Defender, creates persistence, and spawns a monitoring process to keep it running, according to ReasonLabs. “The malware is not signed or written in .NET. To date, it is not present in VirusTotal. The malware tries to stay hidden by using ‘legitimate’ names for the files and processes it creates. We recommend that you use extreme caution when downloading any content from unofficial sources, be it a document in an email from an unknown sender, a pirated program on a questionable download portal, or a file from a torrent,” the team explains.
The Spiderman malware, a reissue of a well-known malware
“An easy precaution is to always check that the file extension matches the expected file. For example, in this case, a video file should end with ‘.mp4’ and not ‘.exe’. Try to gather information about the file and always think twice before double-clicking on it. To make sure you see the actual file extension, open a folder, go to ‘View’ and check ‘File name extensions’. This will ensure that you see the full file type.”
The researchers add that while the malware does not compromise personal information, crypto miners cause other types of harm. Victims will see their electricity bills go up, and the researchers note that the miner runs for long periods of time, consuming a lot of CPU and slowing down the device.
When asked how they discovered the miner, the ReasonLabs team said that over the years they have amassed a large database of malware that allows them to trace, report, and identify its origins, and to check samples against other databases, such as VirusTotal.
One of its users downloaded this Spider-Man: No Way Home file, and it was flagged in their database as a new threat. They don’t know how many times the file has been downloaded, but they note that it has been around for some time.
The Spiderman malware is actually a new “edition” of a well-known malware that was disguised as various popular applications in the past, such as “Windows Updater” and “Discord App”, and now as the latest Spiderman movie. This suggests that it has been downloaded a great deal. “No one else has identified this ‘edition’ of the malware,” the team said.
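The behaviours described above (new Defender exclusions, persistence, and executables hiding behind a video-file name) each leave a trace an administrator can check. The following PowerShell triage script is an added example, not code from the ReasonLabs report; the download folder and the persistence locations it inspects are assumptions, and the double-extension pattern is a constructed heuristic.

```powershell
# Added triage example (not from the ReasonLabs report). Run in an elevated
# PowerShell session on the host being checked; review, do not blindly trust, output.

# 1. Windows Defender exclusions: a miner that whitelists its own paths or
#    processes leaves them visible here. Anything you did not add is suspect.
$pref = Get-MpPreference
Write-Host "Defender path exclusions:"
$pref.ExclusionPath      | ForEach-Object { Write-Host "  $_" }
Write-Host "Defender process exclusions:"
$pref.ExclusionProcess   | ForEach-Object { Write-Host "  $_" }
Write-Host "Defender extension exclusions:"
$pref.ExclusionExtension | ForEach-Object { Write-Host "  $_" }

# 2. Explorer's "File name extensions" setting. HideFileExt = 1 means a file
#    named movie.mp4.exe is shown as movie.mp4; set it to 0 so the real type shows.
$advKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
$hide = (Get-ItemProperty -Path $advKey -Name HideFileExt -ErrorAction SilentlyContinue).HideFileExt
if ($hide -eq 1) {
    Write-Host "File extensions are hidden; enabling their display."
    Set-ItemProperty -Path $advKey -Name HideFileExt -Value 0
}

# 3. Executables masquerading as video files. $downloadDir is an assumed
#    location; point it at wherever the torrent client saves files.
$downloadDir = Join-Path $env:USERPROFILE 'Downloads'
$videoExt = 'mp4|mkv|avi|mov|wmv'
Get-ChildItem -Path $downloadDir -Recurse -File -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -match "\.($videoExt)\.(exe|scr|com|bat|cmd|msi)$" } |
    ForEach-Object { Write-Host "Suspicious double extension: $($_.FullName)" }

# 4. Common user-level persistence points (Run key and Startup folder). The
#    report only says the miner "creates persistence"; these are the usual places to look.
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
Write-Host "HKCU Run entries:"
Get-ItemProperty -Path $runKey | Select-Object -Property * -ExcludeProperty PS* | Format-List
$startup = Join-Path $env:APPDATA 'Microsoft\Windows\Start Menu\Programs\Startup'
Write-Host "Startup folder contents:"
Get-ChildItem -Path $startup -ErrorAction SilentlyContinue | Select-Object Name, LastWriteTime
```

Pair the file listing with the process view (for example, a persistent high-CPU process under a "legitimate" name) to confirm whether a flagged file is actually running.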
The torrent, a malware distribution mechanism
Jake Williams, Technical Director at BreachQuest, recalls that torrenting was used by threat actors as a malware distribution mechanism long before the advent of cryptocurrencies. “I remember seeing a wave of hackers engaging victims with screensavers celebrating Whitney Houston’s career after her death. Since cryptocurrencies are the easiest way for cybercriminals to make money, it’s no wonder they are using it as the preferred payload for their malware.”
Sean Nikkel of Digital Shadows notes that many Gen X and Millennials probably remember the days when they would download random files from strangers on Kazaa and LimeWire, looking for rare or free MP3s or videos, and end up with one Trojan horse or another similar piece of malware.
According to him, this tactic has spread to the torrent world. In addition to malware attached to popular movies or programs, the same is true of popular applications such as those from Adobe, Microsoft, or specialized music programs such as Ableton or Fruity Loops, which are often cracked. “Sometimes the key generators themselves were malicious or the application was executable. Many office workers looking to save money or use familiar programs on their work computers have taken the risk of downloading ‘free’ versions or versions hosted on bad sites and ended up burned,” says Sean Nikkel.
Casey Ellis, CTO at Bugcrowd, explains that, from a cybercriminal’s perspective, this is a distribution system in which users are less likely to ask for “technical support” if something goes wrong or the machine crashes. Reluctance to admit to loved ones that your computer is behaving strangely increases the chances that the malware will run first, and once it does, reduces the risk of it being discovered and removed.
ReasonLabs says it is still investigating the miner’s origins. The company notes that it constantly sees miners deployed in the form of cracked programs, files of interest, and popular applications. “Miners have become very popular in recent years because it is easy money, and attackers try to hit as many people as possible by all means, even tricking users into downloading files that are not what they appear to be,” the company said.