Spider-miner: Malware found within torrents of new Spider-Man film
Reason Labs, the threat research arm of Reason Cybersecurity, has warned that a torrent download of the new Marvel movie “Spider-Man: No Way Home” contains malware: Monero cryptocurrency-mining software.
Explaining how the malware and attackers operate, Reason Labs wrote: “to lure in as many victims as possible, attackers must stay up to date with trending topics.
“In this case, we are facing someone who has placed a Monero miner in a torrent download of what seems to be the new movie: Spider-Man: No Way Home.”
The new Spider-Man movie has earned over US$1 billion globally in only 12 days, becoming the first “pandemic-era” movie to reach the milestone and taking the top spot as the highest-grossing film of 2021.
Reason Labs continues: “The file identifies itself as “spiderman_net_putidomoi.torrent.exe,” which translates from Russian to “spiderman_no_wayhome.torrent.exe.” Based on that, the origin of the file is most likely from a Russian torrenting website.
“This miner adds exclusions to Windows Defender, creates persistence, and spawns a watchdog process to maintain its activity.”
The malware pretends to be Google in the names of the files and processes it creates, so that it looks more “legitimate”. It then inserts itself into svchost.exe, a Windows process that allows many services to share a single process to decrease overall resource usage.
It then sends commands to Microsoft Defender to ignore all folders under the user profile, the system drive and all files with extensions of “.exe” or “.dll”.
After that, it drops the files that make sure the mining process is running, along with the miner itself, which is a version of SilentXMRMiner, a free miner that anyone can download from GitHub.
Whilst the malware doesn’t steal any personal information, it does use considerable resources in the form of electricity and computer processing power, which can result in higher electricity bills and much slower computers for the victims.
Users can avoid this risk by ensuring that any video files that they want to watch have the right file extensions. Videos should be in .mp4 format, not .exe.
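To check a Windows host for Microsoft Defender exclusions as broad as the ones described above (the user profile, the system drive, and the “.exe” and “.dll” extensions), the following PowerShell can be used. It is an added example, not code from Reason Labs or from the malware; the function name, the `C:\Users` profile location and the sample values are assumptions made for illustration.

```powershell
# Added example: flag Defender exclusions as broad as those the article describes.
function Find-BroadDefenderExclusion {
    param(
        # Live configuration by default; pass a constructed object to test offline.
        $Preference = (Get-MpPreference),
        # Assumption: user profiles live under <system drive>\Users.
        [string]$UsersRoot = (Join-Path $env:SystemDrive 'Users')
    )
    $root = $UsersRoot.TrimEnd('\')
    $findings = @()

    foreach ($ext in @($Preference.ExclusionExtension)) {
        if (-not $ext) { continue }
        # Normalise forms such as "exe", ".exe" and "*.exe" before comparing.
        $norm = $ext.TrimStart([char[]]'*.').ToLowerInvariant()
        if ($norm -in 'exe', 'dll') {
            $findings += [pscustomobject]@{
                Type = 'Extension'; Value = $ext
                Reason = 'No executable or DLL is scanned'
            }
        }
    }

    foreach ($path in @($Preference.ExclusionPath)) {
        if (-not $path) { continue }
        $p = [Environment]::ExpandEnvironmentVariables($path).TrimEnd('\')
        if (-not $p) { continue }
        $parent = [System.IO.Path]::GetDirectoryName($p)
        $reason = if ($p -match '^[A-Za-z]:$') { 'Whole drive excluded' }
                  elseif ($p -eq $root) { 'All user profiles excluded' }
                  elseif ($parent -eq $root) { 'Entire user profile excluded' }
                  else { $null }
        if ($reason) {
            $findings += [pscustomobject]@{ Type = 'Path'; Value = $path; Reason = $reason }
        }
    }
    $findings
}

# Constructed sample mirroring the exclusions the article describes (not real telemetry).
$sample = [pscustomobject]@{
    ExclusionExtension = @('.exe', 'dll', 'log')
    ExclusionPath      = @('C:\', 'C:\Users\alice', 'D:\Builds\cache')
}
Find-BroadDefenderExclusion -Preference $sample -UsersRoot 'C:\Users' | Format-Table -AutoSize
```

Called with no arguments, the function reads the live configuration through `Get-MpPreference`; run it from an elevated session.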