December 9, 2023

An illegal copy of “Spider-Man: No Way Home” coming wide around the internet and comes with unpleasant surprise, as copies on “torrent” sites that point to illicit copies of movies were found to include a persistent cryptocurrency miner as an unwanted bonus.

The illicit copies of the latest Spider-Man instalment include a new version of a previously known form of malware. The malware, dubbed “Spiderman,” is described as a variant of malware that had previously been disguised as popular apps such as “Windows updater” and “Discord app.”

Advertisements

The malware crypto miner can add exclusions to Windows Defender. It also adds a “watchdog process” for persistence. At first run, the malware would kill any process that has the name of its components to make sure only one instance is running at a given moment. The crypto mining malware then executes two new processes, called Sihost64.exe and WR64.exe.

Security teams should revisit their acceptable use policies and periodically remind employees that illegal peer-to-peer file sharing at home or on work devices carries some nasty security risks. Unfortunately, the tactic carried into the Torrent world. There have been many cases of people downloading the wrong file, thinking it was a popular movie, TV show or new remix.

Tags:

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

You may have missed

Apache Struts fixes Critical Vulnerability – CVE-2023-50164

December 8, 2023

Meta enables Messenger with E2EE by Default

December 8, 2023 2

CISA KEV Update Part II – December 2023

December 7, 2023

Atlassian fixes critical RCE vulnerabilities in its products

December 6, 2023

Microsoft Echo’s on APT 28 exploiting CVE-2023-23397

December 5, 2023

Papercut Privilege Escalation Vulnerability Unearthed

December 5, 2023
%d