ReasonLabs, a cybersecurity firm, has discovered a cryptomining campaign in the wild, disguised as a fake torrent of Spiderman: No Way Home.
The threat actors are cashing in on the craze around the latest superhero movie, which is attracting both theatre fans and torrent fans. The cryptominer mines Monero, using the systems of unsuspecting users to mint coins for the hackers.
Exploiting the Craze Around a Superhero Movie
Spiderman: No Way Home, the latest Marvel hero movie distributed by Sony Pictures, is a roaring hit, having already clocked more than $750 million in collections worldwide. With positive talk surrounding it, fans are rushing to both theatres and illegal sites to watch the movie.
Threat actors are actively cashing in on this craze, says ReasonLabs, a cybersecurity firm that released a report on a new cryptomining campaign based on Spiderman: No Way Home. The researchers said they spotted cryptomining malware attached to Russian torrent files of the movie, which people are actively downloading.
The file is actually an executable, and when an unsuspecting victim installs it, it sets up Monero mining software and mints coins for the hackers. Cryptocurrency mining is a resource-intensive task that consumes electricity and CPU power.
Mining on hardware that cannot sustain it will result in damage and lowered performance in the long run, besides consuming a lot of electricity. The Monero cryptominer discovered by ReasonLabs researchers mines coins for hackers and doesn't steal any personal information.
In an answer to ZDNet, the ReasonLabs researchers said they had amassed a large malware database over the years, similar to VirusTotal, which now allows them to research the origins of malware, flag it, and cross-check it. The latest Spiderman movie-based cryptominer isn't available in VirusTotal as of now.
Researchers said they didn't know how many times the cryptomining torrent had been downloaded, but it has been around for quite some time. While they are still tracing its origins, researchers said the malware is capable of creating persistence, adding exclusions to Windows Defender, and spawning a watchdog process to maintain its activity.
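The report's central point, that the "movie" is actually an executable, can be checked before a download is ever opened. The sketch below is an added example, not code from ReasonLabs or the original article: it compares what a file name promises with what the leading bytes are, and the extension lists, file names and byte strings in it are constructed for illustration.

```python
import struct

# Extensions a user expects in a movie download (constructed list, an assumption).
EXPECTED_EXTS = {".mkv", ".mp4", ".avi", ".mov", ".torrent"}
EXEC_EXTS = {".exe", ".scr", ".com", ".pif"}

def is_pe(data: bytes) -> bool:
    """True if data has a DOS 'MZ' header whose e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    # An out-of-range offset yields an empty slice, so truncated files fail safely.
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"

def classify(name: str, data: bytes) -> str:
    """Compare the extension(s) in the file name with the actual content."""
    exts = ["." + p for p in name.lower().split(".")[1:]]
    last = exts[-1] if exts else ""
    if not is_pe(data):
        return "not a PE file"
    if last in EXPECTED_EXTS:
        return "executable content behind a media extension"
    if last in EXEC_EXTS and any(e in EXPECTED_EXTS for e in exts[:-1]):
        return "double extension: media name ending in an executable extension"
    return "executable"

def make_pe_stub() -> bytes:
    """Constructed sample: minimal DOS header pointing at a PE signature."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    return bytes(dos) + b"PE\x00\x00" + bytes(20)

# Constructed samples; none of these names come from the report.
SAMPLES = {
    "movie.1080p.mkv": make_pe_stub(),
    "movie.torrent.exe": make_pe_stub(),
    "movie.mkv": b"\x1a\x45\xdf\xa3" + bytes(0x40),  # Matroska magic
    "setup.exe": make_pe_stub(),
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(f"{name:20} {classify(name, blob)}")
```

On real downloads, pass the first few kilobytes of each file to `classify`; a hit on either of the first two verdicts means the file should not be run.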