Believing they are downloading a torrent of the film Spider-Man: No Way Home, the latest installment in the superhero's adventures, Internet users are in fact installing Monero cryptocurrency mining malware.
Downloading copyrighted works is a little game that can cause big problems, and not just because the practice is illegal. Case in point: while trying to grab a pirated copy of Spider-Man: No Way Home, the latest installment in the Spider-Man adventures, many Internet users have unwittingly installed cryptomining malware on their computers. Cashing in on the phenomenal success of Sony Pictures' new blockbuster (already more than a billion dollars in box-office revenue), cybercriminals replaced the film file offered for download via torrent with a modified version of SilentXMRMiner, a well-known Monero mining program that is, incidentally, freely available on GitHub. Researchers at the US cybersecurity company ReasonLabs, who exposed the scheme, examined the carefully obfuscated code in detail. They found that the malware relied on several techniques to evade security tools, including VirusTotal and Windows Defender: adding exclusions to Microsoft's antivirus, hiding behind system process names such as the well-known svchost.exe, and even posing as legitimate Google software.
The malware is nevertheless fairly easy to spot. The downloaded file is named spiderman_net_putidomoi.torrent.exe, the Russian rendering of spiderman_no_wayhome.torrent.exe. But because Windows hides known file extensions by default, many users don't realize they are launching a program when they open what they believe is the movie file to play it. Too late, the damage is done! Admittedly, unlike other malware, SilentXMRMiner does not steal personal data or encrypt the computer's contents to demand a ransom. It merely uses the PC's processor and other resources to perform very heavy calculations: this is how cryptocurrencies such as Monero and Bitcoin are "mined", that is, new coins are issued in exchange for proof-of-work computations that demand a great deal of computing power. As a result, victims end up with a sluggish computer without understanding what is happening to them. According to ReasonLabs, the spread of SilentXMRMiner and its malicious use by cybercriminals is nothing new. Before the Spider-Man episode, the malware was reportedly hidden in fake applications passing themselves off as Discord or Windows Updater. So be wary...
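The indicators described above (Defender exclusions, an impostor svchost.exe, a double-extension file that looks like a .torrent, and Explorer's hidden-extension default) can each be checked from a PowerShell prompt. The script below is an added triage example written for this page; it is not code from the article or from ReasonLabs, and it does not detect SilentXMRMiner specifically. The Downloads folder, the executable-extension list, the CPU-time threshold and the "user profile" heuristic are illustrative assumptions. Run it in an elevated session so that process paths of system-owned processes are visible.

```powershell
# Added triage script (not from the article or ReasonLabs). Each section maps to
# one of the concealment tricks or indicators described in the text. Paths,
# thresholds and the extension list are assumptions; run as Administrator.

# 1. Windows Defender exclusions. A home PC normally has none, so any entry
#    here deserves an explanation (the miner is reported to add its own).
$prefs = Get-MpPreference
foreach ($kind in 'ExclusionPath', 'ExclusionProcess', 'ExclusionExtension') {
    foreach ($entry in $prefs.$kind) {
        "[defender] $kind : $entry"
    }
}

# 2. svchost.exe running from anywhere other than System32. The genuine binary
#    lives in %SystemRoot%\System32; a look-alike with the same name will not.
$system32 = Join-Path $env:SystemRoot 'System32'
Get-CimInstance Win32_Process -Filter "Name = 'svchost.exe'" |
    Where-Object {
        $_.ExecutablePath -and
        -not $_.ExecutablePath.StartsWith($system32, 'OrdinalIgnoreCase')
    } |
    ForEach-Object { "[process] PID $($_.ProcessId) svchost.exe from $($_.ExecutablePath)" }

# 3. Executables under the user profile that have burned a lot of CPU time.
#    A miner has to run from somewhere, and a download-and-run infection lands
#    in user-writable folders (AppData, Temp, Downloads). 60 s is an assumed
#    threshold; legitimate per-user apps (browsers, for instance) also show up
#    here, so read the path before acting on it.
$cpuThresholdSeconds = 60
Get-Process | Where-Object {
    $_.Path -and
    $_.Path.StartsWith($env:USERPROFILE, 'OrdinalIgnoreCase') -and
    $_.TotalProcessorTime.TotalSeconds -gt $cpuThresholdSeconds
} | ForEach-Object {
    "[cpu] PID $($_.Id) $($_.Path) used $([int]$_.TotalProcessorTime.TotalSeconds)s CPU"
}

# 4. Double-extension files in Downloads. A name such as *.torrent.exe or
#    *.mp4.scr relies on hidden extensions to pass for media. The inner
#    "extension" must start with a letter so that version numbers like
#    setup-1.10.exe are not flagged.
$execExt   = '\.(exe|scr|com|pif|bat|cmd|js|vbs|msi)$'
$downloads = Join-Path $env:USERPROFILE 'Downloads'   # assumed location
Get-ChildItem -Path $downloads -File -Recurse -ErrorAction SilentlyContinue |
    Where-Object {
        $_.Name -match $execExt -and
        $_.BaseName -match '\.[A-Za-z][A-Za-z0-9]{1,6}$'
    } |
    ForEach-Object { "[file] $($_.FullName)" }

# 5. Is Explorer hiding known extensions? 1 means hidden (the Windows default),
#    which is exactly what makes spiderman_net_putidomoi.torrent.exe look like
#    a .torrent file. Setting it to 0 and restarting Explorer shows them again.
$advanced = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
$hide = Get-ItemPropertyValue -Path $advanced -Name HideFileExt
"[explorer] HideFileExt = $hide"
if ($hide -eq 1) {
    "[explorer] known extensions are hidden; to show them run: Set-ItemProperty -Path '$advanced' -Name HideFileExt -Value 0"
}
```

None of these checks is proof of infection on its own: Defender exclusions can be legitimate on a developer machine, and per-user installs of browsers run from AppData. What the output gives you is a short list of things to explain, which on an otherwise untouched home PC should be empty apart from the HideFileExt line.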