Skip to main content

'Spider-Man: No Way Home' Pirates Hit by Crypto Malware

Piracy
(Image credit: Shutterstock)

There's no official way to watch "Spider-Man: No Way Home" from the comforts of your humble abode. Some people looking to watch the movie without making a trip to the theater have resorted to downloading pirated copies of the film—and they may have accidentally installed cryptocurrency mining malware in the process.

ReasonLabs said it discovered malware used to mine the Monero cryptocurrency in a file called "spiderman_net_putidomoi.torrent.exe," which the company translated from Russian to "spiderman_no_wayhome.torrent.exe," leading it to believe that "the origin of the file is most likely from a Russian torrenting website."

This type of malware spreads by taking advantage of people's desire to engage with popular media. "Spider-Man: No Way Home" is the first movie to gross more than $1 billion at the box office (during the COVID-19 era) even though it's theater-exclusive and the Omicron variant of COVID-19 is rapidly spreading. So, of course, people are going to try to pirate it.

The company said this malware derives from the SilentXMRMiner open source project that anyone can download from GitHub. The project offers a point-and-click interface that allows wannabe malware distributors to create a new miner compatible with numerous cryptocurrencies without much effort on their part.

ReasonLabs said that after it's installed, the malware "adds exclusions to Windows Defender, creates persistence, and spawns a watchdog process to maintain its activity," all of which is enabled via the SilentXMRMiner project. It then devotes the victim's compute power to mining Monero for whoever created it.

"Although this malware does not compromise personal information (which is what most users are afraid of when thinking about a virus on their computer)," ReasonLabs said. "The damage that a miner causes can be seen in the user's electricity bill. This is real money that they have to pay, given that the miner runs for long periods. Additionally, the damage can be felt on a user's device as often miners require high CPU usage, which causes the computer to slow down drastically."

Unfortunately, pirates can't necessarily rely on antivirus solutions to defend against malware like this. ReasonLabs said it "encountered various compiled versions of this project, some more obfuscated than others," which can help the malware evade signature-based detection systems. (Read: Most traditional antivirus software.)

The company proved its point by submitting the malware to VirusTotal, which analyzes files and URLs with more than 70 different security tools. Unfortunately, ReasonLabs said the malware wasn't flagged as malicious by VirusTotal when it wrote its report, so the vast majority of popular antivirus solutions wouldn't have protected anyone.

The simplest way to avoid falling victim to this malware is to refrain from pirating "Spider-Man: No Way Home." Barring that, ReasonLabs said those who choose to sail the black seas ought to double-check what kind of file they're downloading. There's no reason for a movie, pirated or not, to be distributed as an executable file.

  • DemonicSky
    I don't know a single person that would ever, EVER run a randomly found .exe file when downloading a movie. This headline might as well have said "Random viruses can occur if you download executables from unknown source".
    Reply
  • USAFRet
    DemonicSky said:
    I don't know a single person that would ever, EVER run a randomly found .exe file when downloading a movie. This headline might as well have said "Random viruses can occur if you download executables from unknown source".
    We see those people here every single day.

    "I needed Foo.exe, because I need to make some funny cat memes."
    "I found a link to download it"
    "I clicked, and my antivirus said it was hazardous"
    "I told my AV to ignore"
    "I ran the Foo.exe"
    "My system is now running slow, and my files seem to be 'encrypted'. What can I do?"

    Every. Single. Day.
    Reply
  • DemonicSky
    Then I really feel sorry for you. I've worked in IT for the last 3 decades, and even where I work now people wouldn't be that dense. And this is a place where people share their passwords with colleagues because otherwise "they forget them", or create support tickets to ask us to verify mails (if they are spam or not), and even these people know not to run random exe files :|

    Starting to see why scammers invest in 1000x USB drives then leave them around parks and playgrounds..
    Reply
  • USAFRet
    DemonicSky said:
    Then I really feel sorry for you. I've worked in IT for the last 3 decades, and even where I work now people wouldn't be that dense. And this is a place where people share their passwords with colleagues because otherwise "they forget them", or create support tickets to ask us to verify mails (if they are spam or not), and even these people know not to run random exe files :|

    Starting to see why scammers invest in 1000x USB drives then leave them around parks and playgrounds..
    Don't feel sorry for "me".
    This is just random users that find their way to Tom's.

    Stroll through some recent threads in here...
    https://forums.tomshardware.com/forums/antivirus-security-privacy.24/
    Or this one:
    https://forums.tomsguide.com/threads/i-accidently-ran-this-virus-exe.494913/
    Reply
  • DemonicSky
    I thought you were referring to your own line of work. Tom's I get as it's been quoted to clueless users numerous times. Even when I worked at tech support for Microsoft, I would almost daily, mention it to users. (Yes every tech support love these forums).

    While it's good they can find a resource like this forum, you'd think that at this stage of our digital society, running random .exe files would be long gone. But it still feels like a clickbait headline, as these any malware in a .exe isn't specific to a movie, and has been out for decades in all kinds of media. Even in 3.11 you had Netbus installed through Whack-a-mole.
    Reply
  • peachpuff
    DemonicSky said:
    I don't know a single person that would ever, EVER run a randomly found .exe file when downloading a movie. This headline might as well have said "Random viruses can occur if you download executables from unknown source".
    Blame Microsoft for hiding the file extension by default. The file will look like spiderman.torrent rather than spiderman.torrent.exe in file explorer.
    Reply
  • USAFRet
    peachpuff said:
    Blame Microsoft for hiding the file extension by default. The file will look like spiderman.torrent rather than spiderman.torrent.exe in file explorer.
    People would still do it.
    Reply
  • Wolfshadw
    DemonicSky said:
    While it's good they can find a resource like this forum, you'd think that at this stage of our digital society, running random .exe files would be long gone.
    Gotta remember that every year, there's a new round of computer newbies that have no clue (Mom and Dad bought their youngest his/her first PC).

    -Wolf sends
    Reply
  • COLGeek
    Isn't everything on the Interwebs "free"? :unsure: And, carries no risk? :devilish:


    🏴‍☠️🏴‍☠️🏴‍☠️
    Reply
  • Wolfshadw
    Oh! And let's not forget the stubborn people who ignore the first 50 sites that says a file is hazardous for that one site that says it's safe.
    (Don't tell me the truth! Tell me what I want to hear!)

    -Wolf sends
    Reply