Pirated copies of 'Spider-Man: No Way Home' contain malware

Pirated copies of ‘Spider-Man: No Way Home’ contain malware

January 18, 2022

Numerous examples of phishing websites where users are asked to give credit card details

Pirated copies of ‘Spider-Man: No Way Home’ contain crypto-mining malware and can pose a threat to users’ data, warned cybersecurity experts.

Researchers from ReasonLabs discovered a new form of crypto-mining malware included in illicit copies of the latest Spiderman movie, while Kaspersky cybersecurity experts found phishing websites set up to steal users’ bank data.

The crypto-mining malware is identified as spiderman_net_putidomoi.torrent.exe and presented to the users as a Torrent file containing the movie. Cybercriminals try to trick users by convincing them to download the “leaked” file, which can hack their computer system. Researchers believe this specific malware is also circulating as apps like Discord or Windows Updater.

According to ReasonLabs, the malware does not compromise users’ data, however, it affects users’ devices requiring high CPU usage, which has an impact on computers’ performance and causes an increase in the electricity bills.

“We recommend taking extra caution when downloading the content of any kind from non-official sources – whether it’s a document in an email from an unknown sender, a cracked program from a fishy download portal, or a file from a torrent download,” said Dana Yosifovich, Security Researcher at ReasonLabs

“One easy precaution you can take is to always check that the file extension matches the file you are expecting e.g. in this case, a movie file should end with “.mp4”, not “.exe”. Try to gather information about the file, and always think twice before double-clicking on it. To make sure you see the real file extension, open a folder, go to “View” and check “File name extensions”. This will make sure you see the full file type”.

Phishing websites

Kaspersky cybersecurity experts found numerous examples of phishing websites set up to compromise users’ bank details. As the researchers observed, the phishing websites ask users to enter their credit card information to watch the latest Spiderman movie. After that, cybercriminals get access to users’ data and steal money from their credit cards, without providing the movie.

“With the excitement surrounding the release of the newest Spider-Man film, the inattention of thrilled viewers is being abused by cybercriminals. The premiere of ‘No Way Home’ is no exception but an attractive lure to spread threats and phishing pages,” said Kaspersky in a written report.

“There are tons of speculation and rumors floating around the Internet regarding ‘No Way Home’. For example, reports are running rampant that Tobey Maguire and Andrew Garfield are both returning as Spider-Man from their respective films. To boost interest in the phishing pages, fraudsters do not use official posters from the film, but rather fan art featuring all the Spider-Man actors. With such posters, cybercriminals want to attract more attention from fans,” the report noted.

As pointed out by Tatyana Shcherbakova, Security expert at Kaspersky, fraudsters are using fan arts and trailer cuttings as bait to make victims download malicious files and enter banking details. “We encourage users to be alert to the pages they visit and not download files from unverified sites” she added.

In most of the cases investigated, Kaspersky’s analysts found movie downloads capable of installing other unwanted programs and identified other Adware and even Trojans, that could allow cybercriminals to perform actions without users’ permission, such as collecting information, modifying data, or reducing computer performance.