‘Spider-Man: No Way Home’ Download Installs Cryptominer

The origin of the Monero cryptominer file has been traced to a Russian torrent website, researchers report.

Global buzz around the release of Spider-Man: No Way Home is making tons of online noise – an ideal environment for cybercriminals to spread a Monero cryptominer disguised as a download of the newly released film.

A torrent download of Spider-Man: No Way Home is circulating, infected with a persistent Monero cryptominer, according to a new alert from ReasonLabs.

The file was flagged by a user and didn’t match any other known suspicious files in their database, the report said.

Although the researchers haven’t pinpointed how many times the miner has been downloaded, their hunch is that it’s been around for a while, they explained in a statement.

Infosec Insiders Newsletter

“The Spiderman malware is actually a new ‘edition’ of a previously known malware that was disguised as various popular apps in the past such as ‘windows updater,’ ‘discord app,’ and now the Spiderman movie,” the ReasonLabs teams explained in a Thursday report. “This suggests that it’s been downloaded a lot.”

They added that as of yet, no one has identified this malware edition.

ReasonLabs reported that the miner’s file name translates from the original Russian, “spiderman_net_putidomoi.torrent.exe,” to “spiderman_no_wayhome.torrent.exe” in English and is capable of adding exclusions to Windows Defender. It also adds a “watchdog process” for persistence.

Once the cryptominer is downloaded, the victim might not immediately be aware it’s there, running in the background, draining both power and CPU capacity, the ReasonLabs report added.

“Although this malware does not compromise personal information (which is what most users are afraid of when thinking about a virus on their computer), the damage that a miner causes can be seen in the user’s electricity bill,” the report explained. “Additionally, the damage can be felt on a user’s device as often miners require high CPU usage, which causes the computer to slow down drastically.”

ReasonLabs is still investigating the cryptominer’s origins.

Use Caution When Downloading ‘Spider-Man: No Way Home,’ Other Content

If downloading potentially dodgy content is a must, the ReasonLabs analysts recommended that users double-check the file extension to any movie file to make sure it ends with .mp4, rather than .exe.

“We recommend taking extra caution when downloading content of any kind from non-official sources – whether it’s a document in an email from an unknown sender, a cracked program from a fishy download portal, or a file from a torrent download,” ReasonLabs advised.

This isn’t the first time pop culture moments have been hijacked to spread malware.

“We are constantly seeing miners deployed as common programs, files of interest, popular apps, current events etc.,” the researchers added. “Miners got very popular in the past years because it’s easy money and attackers are trying to gain as many victims as possible – by any way possible, including fooling users to download files that are not what they seem.”

In fact, this isn’t even the first instance of cybercriminals using the new Spider-Man movie to hide their malware.

Last week, just before the movie hit theaters, Kaspersky warned cybercriminals were using the new comic book flick – and its stars – as lures in a phishing campaign to steal banking information.

“Fans’ expectations are through the roof right now, arguably higher than for any film,” Kaspersky’s Tatyana Shcherbakova said in a statement. “Everyone who has ever been a fan of Spidey has their own theories about the films, which can be exploited by cybercriminals.”

Image courtesy of Cristian Bortes/bortescristian. Licensing details.

Check out our free upcoming live and on-demand online town halls – unique, dynamic discussions with cybersecurity experts and the Threatpost community.

Suggested articles