One of the latest malicious campaigns detected in the wild is taking advantage of the new Spiderman: No Way Home movie.
SilentXMRMiner Hides in Spiderman Movie
ReasonLabs researchers recently detected a Monero miner in a torrent download of the Spider-Man: No Way Home movie. Of course, using the name of the movie is a luring technique that we have seen in other campaigns, as well.
The file the researchers detected is called “spiderman_net_putidomoi.torrent.exe,” which means “spiderman_no_wayhome.torrent.exe” when translated from Russian. The file also appears to originate from a Russian torrenting website.
“This miner adds exclusions to Windows Defender, creates persistence, and spawns a watchdog process to maintain its activity,” the researchers said.
At the time ReasonLabs created their report, the malware wasn’t present in VirusTotal. To avoid detection and attention, the malware relies on legitimate names for the files and processes it creates.
After the analysis, the researchers were able to determine that the malware is in fact a version of SilentXMRMiner, which is available on GitHub. “The project offers a comfortable GUI to compile a new miner, with the relevant information per user. After the information is supplied, all that is left is to distribute the miner,” the report said.
This malicious SilentXMRMiner campaign is a good reminder of how vigilant users should be when downloading content from the internet. Torrenting has always been a risky online behavior. Always make sure that a torrent is safe before downloading it.
Beware the Fake Copies of Anticipated Series and Movies
In 2019, the internet was flooded with fake copies of episodes of the last Game of Thrones season. More specifically, the first and last episodes of each Game of Thrones season were the most dangerous.
Of course, downloading copyrighted content is illegal in its own right. Cybercriminals simply exploit this fact and plant malware in fake torrents. Infecting users through torrents is quite easy, as few users bother to check the extensions of the downloaded files, which is where the malware usually lurks.
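As an added illustration, not code from the ReasonLabs report: a small Python check that flags downloaded file names which hide an executable behind a decoy extension, the trick used by the “.torrent.exe” name above. The extension lists and function names are assumptions for this example.

```python
"""Flag downloaded files whose name hides an executable behind a decoy extension."""
import os

# Assumed lists for this example: extensions Windows will execute on double-click,
# and "decoy" extensions a torrent user expects to see.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".msi", ".ps1"}
DECOY_EXTS = {".torrent", ".mp4", ".mkv", ".avi", ".srt", ".pdf", ".zip", ".rar", ".jpg", ".png"}


def split_extensions(name):
    """Return the lowercase extension chain of a file name, e.g. ['.torrent', '.exe']."""
    base = os.path.basename(name)
    exts = []
    while True:
        base, ext = os.path.splitext(base)
        if not ext:
            break
        exts.insert(0, ext.lower())
    return exts


def assess_download(name):
    """Return a short reason if the name looks like a disguised executable, else None.

    Windows hides known extensions by default, so 'movie.mp4.exe' is shown to the
    user as 'movie.mp4'; this check looks at the full name instead.
    """
    exts = split_extensions(name)
    if not exts or exts[-1] not in EXECUTABLE_EXTS:
        return None
    last = exts[-1]
    decoys = [e for e in exts[:-1] if e in DECOY_EXTS]
    if decoys:
        return f"executable {last} disguised as {decoys[-1]}"
    return f"executable {last} in a download folder"


def scan_names(names):
    """Map each suspicious name in an iterable of file names to its reason."""
    findings = {}
    for name in names:
        reason = assess_download(name)
        if reason:
            findings[name] = reason
    return findings


if __name__ == "__main__":
    # Constructed sample listing of a download folder.
    sample = ["spiderman_net_putidomoi.torrent.exe", "Spider-Man.No.Way.Home.2021.1080p.mkv"]
    for name, reason in scan_names(sample).items():
        print(f"{name}: {reason}")
```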