An illegal copy of “Spider-Man: No Way Home” coming wide around the internet and comes with unpleasant surprise, as copies on “torrent” sites that point to illicit copies of movies were found to include a persistent cryptocurrency miner as an unwanted bonus.
The illicit copies of the latest Spider-Man instalment include a new version of a previously known form of malware. The malware, dubbed “Spiderman,” is described as a variant of malware that had previously been disguised as popular apps such as “Windows updater” and “Discord app.”
The malware crypto miner can add exclusions to Windows Defender. It also adds a “watchdog process” for persistence. At first run, the malware would kill any process that has the name of its components to make sure only one instance is running at a given moment. The crypto mining malware then executes two new processes, called Sihost64.exe and WR64.exe.
Security teams should revisit their acceptable use policies and periodically remind employees that illegal peer-to-peer file sharing at home or on work devices carries some nasty security risks. Unfortunately, the tactic carried into the Torrent world. There have been many cases of people downloading the wrong file, thinking it was a popular movie, TV show or new remix.