Malware in Crypto
People downloading an illegal copy of “Spider-Man: No Way Home” may be in for a nasty surprise: versions listed on “torrent” sites, which point to illegal copies of movies, come bundled with an unwanted cryptocurrency miner.
Experts on this Mining Malware
Researchers at Reason Cybersecurity Ltd. have found that illicit copies of the latest Spider-Man installment contain a new version of a previously known form of virus. The malware, known as “Spiderman,” has been described as a variant of malware that had previously been disguised as popular apps such as “Windows updater” and “Discord app.”
The crypto-mining malware can add exclusions to Windows Defender. It also adds a “watchdog process” to ensure persistence. On the first run, the file kills any process that has the name of one of its components, so that only one instance is running at a time. The malware then executes two new processes, Sihost64.exe and WR64.exe.
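A defender can hunt for this behaviour chain in process-creation telemetry. The sketch below is an added example, not code from the article or from the researchers; the event format, paths and PIDs are constructed, and it assumes the exclusions are added with the `Add-MpPreference` cmdlet, which the article does not state.

```python
import ntpath
import re

# Component names reported in the article; matched on exact basename so the
# legitimate Windows sihost.exe is not flagged.
COMPONENTS = {"sihost64.exe", "wr64.exe"}
# Assumption: exclusions are added with the Add-MpPreference cmdlet.
EXCLUSION_RE = re.compile(r"Add-MpPreference\b.*-Exclusion(Path|Process|Extension)", re.I)

# Constructed sample process-creation events (not taken from a real incident).
EVENTS = [
    {"pid": 4120, "ppid": 900, "image": r"C:\Users\a\Downloads\movie.exe", "cmd": "movie.exe"},
    {"pid": 4200, "ppid": 4120, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmd": r"powershell -Command Add-MpPreference -ExclusionPath C:\Users\a\AppData"},
    {"pid": 4300, "ppid": 4120, "image": r"C:\Users\a\AppData\Roaming\Sihost64.exe", "cmd": "Sihost64.exe"},
    {"pid": 4310, "ppid": 4120, "image": r"C:\Users\a\AppData\Roaming\WR64.exe", "cmd": "WR64.exe"},
    {"pid": 1500, "ppid": 800, "image": r"C:\Windows\System32\sihost.exe", "cmd": "sihost.exe"},
]

def triage(events):
    """Return (findings, suspect_parent_pids) for a list of process events."""
    findings = []
    spawned = {}       # ppid -> set of component names it started
    excluders = set()  # ppids whose children added a Defender exclusion
    for ev in events:
        name = ntpath.basename(ev["image"]).lower()
        if EXCLUSION_RE.search(ev["cmd"]):
            findings.append(("defender_exclusion", ev["pid"]))
            excluders.add(ev["ppid"])
        if name in COMPONENTS:
            findings.append(("named_component", ev["pid"]))
            spawned.setdefault(ev["ppid"], set()).add(name)
    # Highest confidence: one parent added an exclusion and started both components.
    suspects = sorted(p for p, names in spawned.items()
                      if names == COMPONENTS and p in excluders)
    return findings, suspects

if __name__ == "__main__":
    findings, suspects = triage(EVENTS)
    for kind, pid in findings:
        print(f"{kind}: pid {pid}")
    print("suspect parent pids:", suspects)
```

Each rule on its own is weak, since file names are trivially changed and administrators also add exclusions; the correlation on a shared parent process is what makes the finding worth escalating.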
“It’s been extremely common for threat actors to attach cryptominers and other malware to popular torrent files for over a decade,” Jasmine Henry, field security director at cyber asset management and governance solutions provider JupiterOne Inc., told SiliconANGLE.
“Security teams should revisit their acceptable use policies and periodically remind employees that illegal peer-to-peer file sharing at home or on work devices carries some pretty nasty security risks.”
Casey Ellis, founder and chief technology officer at crowdsourced security platform company Bugcrowd Inc., noted that “someone wanting to implant malware, using a delivery system where users are less likely to reach out for ‘technical support’ if something seems off or even admit to peers or family that their computer might be acting strange, gives an increased chance of my malware executing in the first and, once it does, a lower risk of it being discovered and removed.”
The cyberthreat analyst at Digital Shadows Ltd. explains that hiding a crypto miner or similar malware in enticing files, such as the new Spider-Man movie or other hot media properties, is nothing new.
“There are likely lots of genXers and millennials who remember the days of downloading random files from strangers across Kazaa and Limewire in search of rare or free MP3 or video files and ended up with a Trojan or similar nastiness,” Nikkel said.
“Unfortunately, the tactic carried into the Torrent world. There have been many cases of people downloading the wrong file, thinking it was a popular movie, TV show or new remix.”