May 31, 2023

An illegal copy of “Spider-Man: No Way Home” coming wide around the internet and comes with unpleasant surprise, as copies on “torrent” sites that point to illicit copies of movies were found to include a persistent cryptocurrency miner as an unwanted bonus.

The illicit copies of the latest Spider-Man instalment include a new version of a previously known form of malware. The malware, dubbed “Spiderman,” is described as a variant of malware that had previously been disguised as popular apps such as “Windows updater” and “Discord app.”

Advertisements

The malware crypto miner can add exclusions to Windows Defender. It also adds a “watchdog process” for persistence. At first run, the malware would kill any process that has the name of its components to make sure only one instance is running at a given moment. The crypto mining malware then executes two new processes, called Sihost64.exe and WR64.exe.

Security teams should revisit their acceptable use policies and periodically remind employees that illegal peer-to-peer file sharing at home or on work devices carries some nasty security risks. Unfortunately, the tactic carried into the Torrent world. There have been many cases of people downloading the wrong file, thinking it was a popular movie, TV show or new remix.

Tags:

Leave a Reply

You may have missed

Mirai Bots Targeting IoT Devices

Mirai Bots Targeting IoT Devices

May 30, 2023
Watering hole attack from Tortoiseshell group

Watering hole attack from Tortoiseshell group

May 29, 2023
New TLD Based Phishing Campaign

New TLD Based Phishing Campaign

May 29, 2023
CrowdStrike strategy dominates MDR Market

CrowdStrike strategy dominates MDR Market

May 28, 2023
TheCyberThrone Security Week In Review–May 27, 2023

TheCyberThrone Security Week In Review–May 27, 2023

May 28, 2023
Zyxel Patches Critical Buffer Overflow Vulnerability

Zyxel Patches Critical Buffer Overflow Vulnerability

May 27, 2023
%d bloggers like this: