There's no official way to watch "Spider-Man: No Way Home" from the comforts of your humble abode. Some people looking to watch the movie without making a trip to the theater have resorted to downloading pirated copies of the film—and they may have accidentally installed cryptocurrency mining malware in the process.
ReasonLabs said it discovered malware used to mine the Monero cryptocurrency in a file called "spiderman_net_putidomoi.torrent.exe," which the company translated from Russian to "spiderman_no_wayhome.torrent.exe," leading it to believe that "the origin of the file is most likely from a Russian torrenting website."
This type of malware spreads by taking advantage of people's desire to engage with popular media. "Spider-Man: No Way Home" is the first movie to gross more than $1 billion at the box office (during the COVID-19 era) even though it's theater-exclusive and the Omicron variant of COVID-19 is rapidly spreading. So, of course, people are going to try to pirate it.
The company said this malware derives from the SilentXMRMiner open source project that anyone can download from GitHub. The project offers a point-and-click interface that allows wannabe malware distributors to create a new miner compatible with numerous cryptocurrencies without much effort on their part.
ReasonLabs said that after it's installed, the malware "adds exclusions to Windows Defender, creates persistence, and spawns a watchdog process to maintain its activity," all of which is enabled via the SilentXMRMiner project. It then devotes the victim's compute power to mining Monero for whoever created it.
"Although this malware does not compromise personal information (which is what most users are afraid of when thinking about a virus on their computer)," ReasonLabs said, "the damage that a miner causes can be seen in the user's electricity bill. This is real money that they have to pay, given that the miner runs for long periods. Additionally, the damage can be felt on a user's device as often miners require high CPU usage, which causes the computer to slow down drastically."
Unfortunately, pirates can't necessarily rely on antivirus solutions to defend against malware like this. ReasonLabs said it "encountered various compiled versions of this project, some more obfuscated than others," which can help the malware evade signature-based detection systems. (Read: Most traditional antivirus software.)
The company proved its point by submitting the malware to VirusTotal, which analyzes files and URLs with more than 70 different security tools. Unfortunately, ReasonLabs said the malware wasn't flagged as malicious by VirusTotal when it wrote its report, so the vast majority of popular antivirus solutions wouldn't have protected anyone.
The simplest way to avoid falling victim to this malware is to refrain from pirating "Spider-Man: No Way Home." Barring that, ReasonLabs said those who choose to sail the black seas ought to double-check what kind of file they're downloading. There's no reason for a movie, pirated or not, to be distributed as an executable file.
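The file-type check described above, as an added example (not code from ReasonLabs or this article): a short Python script that flags a download whose final extension is executable, whose name uses a media-style double extension such as `.torrent.exe`, or whose first bytes are the `MZ` header of a Windows executable. The extension lists and the sample file contents are assumptions constructed for illustration.

```python
import os
import tempfile

# Extensions Windows will run directly (assumed, non-exhaustive list).
EXEC_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".msi", ".pif"}
# Extensions a movie download is expected to carry (assumed list).
MEDIA_EXTS = {".torrent", ".mkv", ".mp4", ".avi", ".mov", ".srt"}


def inspect_download(path):
    """Return a list of findings explaining why a 'movie' file looks unsafe."""
    findings = []
    name = os.path.basename(path).lower()
    stem, last_ext = os.path.splitext(name)
    _, inner_ext = os.path.splitext(stem)

    if last_ext in EXEC_EXTS:
        findings.append(f"final extension {last_ext} is executable")
        if inner_ext in MEDIA_EXTS:
            findings.append(f"double extension {inner_ext}{last_ext} imitates a media file")

    # The name can lie; the first bytes of the content are harder to fake.
    with open(path, "rb") as fh:
        head = fh.read(2)
    if head == b"MZ":
        findings.append("content starts with MZ (Windows PE header)")
    elif last_ext == ".torrent" and not head.startswith(b"d"):
        findings.append("named .torrent but content is not a bencoded dictionary")
    return findings


def demo():
    # Constructed samples: the first name is from the report, contents are stand-ins.
    samples = {
        "spiderman_net_putidomoi.torrent.exe": b"MZ\x90\x00" + b"\x00" * 60,
        "movie.torrent": b"d8:announce22:http://tracker.invalide",
        "movie.mkv": b"MZ\x90\x00",  # executable content under a media name
    }
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for fname, data in samples.items():
            sample_path = os.path.join(tmp, fname)
            with open(sample_path, "wb") as fh:
                fh.write(data)
            results[fname] = inspect_download(sample_path)
    return results


if __name__ == "__main__":
    for fname, findings in demo().items():
        print(fname, "->", findings or "no findings")
```

Windows hides known file extensions by default, so a name ending in `.torrent.exe` can appear as `.torrent` in Explorer; checking the content header catches the mismatch regardless of how the name is displayed.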
"I needed Foo.exe, because I need to make some funny cat memes."
"I found a link to download it"
"I clicked, and my antivirus said it was hazardous"
"I told my AV to ignore"
"I ran the Foo.exe"
"My system is now running slow, and my files seem to be 'encrypted'. What can I do?"
Every. Single. Day.
Starting to see why scammers invest in 1000x USB drives then leave them around parks and playgrounds...
This is just random users that find their way to Tom's.
Stroll through some recent threads in here...
Or this one:
While it's good they can find a resource like this forum, you'd think that at this stage of our digital society, running random .exe files would be long gone. But it still feels like a clickbait headline, as malware in a .exe isn't specific to a movie, and has been out for decades in all kinds of media. Even in 3.11 you had Netbus installed through Whack-a-mole.
(Don't tell me the truth! Tell me what I want to hear!)