‘Spider-Man: No Way Home’ Download Installs Cryptominer

The origin of the Monero cryptominer file has been traced to a Russian torrent website, researchers report.

Global buzz around the release of Spider-Man: No Way Home is making tons of online noise – an ideal environment for cybercriminals to spread a Monero cryptominer disguised as a download of the newly released film.

A torrent download of Spider-Man: No Way Home is circulating, infected with a persistent Monero cryptominer, according to a new alert from ReasonLabs.

The file was flagged by a user and didn’t match any other known suspicious files in their database, the report said.

Although the researchers haven’t pinpointed how many times the miner has been downloaded, their hunch is that it’s been around for a while, they explained in a statement.

Infosec Insiders Newsletter

“The Spiderman malware is actually a new ‘edition’ of a previously known malware that was disguised as various popular apps in the past such as ‘windows updater,’ ‘discord app,’ and now the Spiderman movie,” the ReasonLabs teams explained in a Thursday report. “This suggests that it’s been downloaded a lot.”

They added that as of yet, no one has identified this malware edition.

ReasonLabs reported that the miner’s file name translates from the original Russian, “spiderman_net_putidomoi.torrent.exe,” to “spiderman_no_wayhome.torrent.exe” in English and is capable of adding exclusions to Windows Defender. It also adds a “watchdog process” for persistence.

Once the cryptominer is downloaded, the victim might not immediately be aware it’s there, running in the background, draining both power and CPU capacity, the ReasonLabs report added.

“Although this malware does not compromise personal information (which is what most users are afraid of when thinking about a virus on their computer), the damage that a miner causes can be seen in the user’s electricity bill,” the report explained. “Additionally, the damage can be felt on a user’s device as often miners require high CPU usage, which causes the computer to slow down drastically.”

ReasonLabs is still investigating the cryptominer’s origins.

Use Caution When Downloading ‘Spider-Man: No Way Home,’ Other Content

If downloading potentially dodgy content is a must, the ReasonLabs analysts recommended that users double-check the file extension to any movie file to make sure it ends with .mp4, rather than .exe.

“We recommend taking extra caution when downloading content of any kind from non-official sources – whether it’s a document in an email from an unknown sender, a cracked program from a fishy download portal, or a file from a torrent download,” ReasonLabs advised.

This isn’t the first time pop culture moments have been hijacked to spread malware.

“We are constantly seeing miners deployed as common programs, files of interest, popular apps, current events etc.,” the researchers added. “Miners got very popular in the past years because it’s easy money and attackers are trying to gain as many victims as possible – by any way possible, including fooling users to download files that are not what they seem.”

In fact, this isn’t even the first instance of cybercriminals using the new Spider-Man movie to hide their malware.

Last week, just before the movie hit theaters, Kaspersky warned cybercriminals were using the new comic book flick – and its stars – as lures in a phishing campaign to steal banking information.

“Fans’ expectations are through the roof right now, arguably higher than for any film,” Kaspersky’s Tatyana Shcherbakova said in a statement. “Everyone who has ever been a fan of Spidey has their own theories about the films, which can be exploited by cybercriminals.”

Image courtesy of Cristian Bortes/bortescristian. Licensing details.

Check out our free upcoming live and on-demand online town halls – unique, dynamic discussions with cybersecurity experts and the Threatpost community.

Suggested articles

A Guide to Surviving a Ransomware Attack

Oliver Tavakoli, CTO at Vectra AI, gives us hope that surviving a ransomware attack is possible, so long as we apply preparation and intentionality to our defense posture.


  • Tanish Singh on

    What does marvel expect, us to go and watch the movie in a cinema, and have a chance to get COVID? My family won't let me watch the movie even though I can get the movie tickets, I am a 16 y/o living in India, vaccines for people under 18 haven't arrived in our country yet, they should do online screenings, tickets sold for that particular time! People of my age who went to watch the movie in my country had literally no protection against COVID, I know that people can pirate movies very easy, but it's very easy to stop that too, give the people an App, that keeps a watch out for programs like OBS and other screen recording apps running in the background and either end that process/kick the person out of the online screening or if the PC has a capture card, kick the person out of the screening and tell him to join from a device without a capture card, how hard is that fellas, I have coded this myself in the past!

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.