‘Spider-Man: No Way Home’ is undoubtedly one of Marvel’s most anticipated releases, so much so that it has already become the eighth highest-grossing film in history. As usual, this also translates into a surge of unauthorized downloads of the film, a practice to be careful with, especially if you are new to it.

Malicious actors are taking advantage of precisely that popularity to disguise a Monero cryptocurrency miner as a torrent of the movie. Unwary users who try to open the downloaded “torrent” end up installing malware that pushes their computers to the limit to mine for someone else.

The malware in question can add exclusions to Windows Defender, create persistence and spawn a watchdog process that keeps it running in the background. It also tries to stay hidden from scanners by using “legitimate” names for the files and processes it creates; for example, it claims to be from Google, drops files with names like sihost64.exe, and injects itself into svchost.exe.

The file, which probably comes from a Russian torrent site, has a name that anyone familiar with Windows executables will spot as suspicious right away: “spiderman_net_putidomoi.torrent.exe” or “spiderman_no_wayhome.torrent.exe”.

This is something we have covered quite thoroughly before: if you download torrents, always check the file extensions, and enable the option in Windows Explorer to show file extensions (by default many of them are hidden).

No video file ends in .exe. That extension means an executable, and it should set off every alarm that you are downloading malicious software. Video files are usually .mp4 or .mkv; they will never be .exe.
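The extension check described above can be automated over a downloads folder listing. The following Python is an added example, not code from the article or from the researchers who analysed the miner; the extension lists and sample names are assumptions, and it goes beyond the `.torrent.exe` case to cover space-padded names and Unicode direction-override characters.

```python
import unicodedata
from pathlib import PureWindowsPath

# Assumed lists, not exhaustive: types Windows runs directly, and types a
# user expects to see in a movie download.
EXECUTABLE = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".msi", ".vbs", ".js", ".lnk"}
DECOY = {".torrent", ".mp4", ".mkv", ".avi", ".mov", ".wmv", ".srt"}

def check_name(path):
    """Return the reasons a file name looks deceptive (empty list if none)."""
    name = PureWindowsPath(path).name
    reasons = []
    # Format-control characters such as U+202E change how the name is displayed.
    if any(unicodedata.category(c) == "Cf" for c in name):
        reasons.append("format-control character in name")
        name = "".join(c for c in name if unicodedata.category(c) != "Cf")
    # Windows drops trailing dots/spaces; padding can push the real extension out of view.
    parts = name.rstrip(". ").lower().split(".")
    exts = ["." + p.strip() for p in parts[1:]]
    if exts and exts[-1] in EXECUTABLE:
        decoys = [e for e in exts[:-1] if e in DECOY]
        if decoys:
            reasons.append(f"decoy {decoys[-1]} before executable {exts[-1]}")
    return reasons

def scan(names):
    """Map each suspicious name to its reasons, skipping clean ones."""
    return {n: r for n in names if (r := check_name(n))}

# Constructed sample listing, modelled on the file names quoted in the article.
SAMPLE = [
    "spiderman_net_putidomoi.torrent.exe",
    r"C:\Users\me\Downloads\spiderman_no_wayhome.TORRENT.EXE",
    "Spider-Man.No.Way.Home.2021.mkv",
    "Spider-Man.mkv" + " " * 40 + ".exe",
    "movie\u202e4pm.exe",  # displayed with the tail reversed, so it appears to end in .mp4
    "setup.exe",           # plain executable: not disguised, so not flagged here
]

if __name__ == "__main__":
    for name, why in scan(SAMPLE).items():
        print(f"{name!r}: {'; '.join(why)}")
```

A plain `.exe` is deliberately not flagged: the check targets names that pretend to be something else, which is the pattern this campaign relies on.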
