
Spider-Miner: With Great Power Comes Great Problems!: 'Spider-Man: No Way Home' Pirates Hit by Crypto Malware

Lightwreather

Summary

There's no official way to watch "Spider-Man: No Way Home" from the comforts of your humble abode. Some people looking to watch the movie without making a trip to the theater have resorted to downloading pirated copies of the film—and they may have accidentally installed cryptocurrency mining malware in the process.

 

Quotes


ReasonLabs said it discovered malware used to mine the Monero cryptocurrency in a file called "spiderman_net_putidomoi.torrent.exe," which the company translated from Russian to "spiderman_no_wayhome.torrent.exe," leading it to believe that "the origin of the file is most likely from a Russian torrenting website." The company said this malware derives from the SilentXMRMiner open source project that anyone can download from GitHub. The project offers a point-and-click interface that allows wannabe malware distributors to create a new miner compatible with numerous cryptocurrencies without much effort on their part.

ReasonLabs said that after it's installed, the malware "adds exclusions to Windows Defender, creates persistence, and spawns a watchdog process to maintain its activity," all of which is enabled via the SilentXMRMiner project. It then devotes the victim's compute power to mining Monero for whoever created it.

Unfortunately, pirates can't necessarily rely on antivirus solutions to defend against malware like this. ReasonLabs said it "encountered various compiled versions of this project, some more obfuscated than others," which can help the malware evade signature-based detection systems. (Read: Most traditional antivirus software.)

The company proved its point by submitting the malware to VirusTotal, which analyzes files and URLs with more than 70 different security tools. Unfortunately, ReasonLabs said the malware wasn't flagged as malicious by VirusTotal when it wrote its report, so the vast majority of popular antivirus solutions wouldn't have protected anyone.

 

My thoughts

Well, this is pretty hilarious. Unsuspecting pirates getting hit by a cryptominer. Now, tbh, I don't really see why people are pirating it rn (apart from FOMO) since, well, it'll be in terrible quality until it gets onto a streaming service, but pirates who probably don't know enough to protect themselves whilst doing this are now getting hit with a pretty big consequence, although Windows' default of hiding file name extensions has at least a part to play in this. But ah well, try not to pirate, or if you're going to anyway, make sure the source is credible, check the file and please use common sense.

 

Sources

Tom's Hardware

ReasonLabs

"A high ideal missed by a little, is far better than low ideal that is achievable, yet far less effective"

 

If you think I'm wrong, correct me. If I've offended you in some way tell me what it is and how I can correct it. I want to learn, and along the way one can make mistakes; Being wrong helps you learn what's right.
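The ReasonLabs quote above says the miner "adds exclusions to Windows Defender" and sets up persistence, and the post points at Explorer hiding file extensions as part of why a ".torrent.exe" gets double-clicked. As an added example (not code from the article, from ReasonLabs, or from anyone in this thread), here is a read-only PowerShell audit a Windows user could run on their own machine to check those three things: whether Explorer hides known extensions, what Defender exclusions currently exist together with recent Defender configuration-change events, and whether a download folder contains files whose name mimics a video or torrent in front of an executable extension. The download folder path and the two extension lists are assumptions chosen for the example; the HideFileExt registry value, the Get-MpPreference cmdlet and Defender event ID 5007 are real Windows features.

```powershell
# Added example, not code from the thread, the article or ReasonLabs.
# Audits a Windows machine for the three things discussed in the thread:
#   1. whether Explorer hides known file extensions (HideFileExt),
#   2. which Windows Defender exclusions exist, plus recent configuration-change events,
#   3. whether a folder holds files with a media/torrent-looking name in front of an executable extension.
# The script only reports; it changes nothing.

# Assumed folder to scan; change it to wherever downloads land on your machine.
$DownloadFolder = Join-Path $env:USERPROFILE 'Downloads'

# Both extension lists are assumptions chosen for this example, not an authoritative set.
$ExecutableExts = @('.exe', '.scr', '.com', '.pif', '.bat', '.cmd', '.js', '.jse', '.vbs', '.wsf', '.ps1', '.msi', '.hta')
$LureExts       = @('.mp4', '.mkv', '.avi', '.mov', '.torrent', '.txt', '.pdf', '.jpg', '.png', '.srt', '.zip')

function Test-ExtensionsHidden {
    # HideFileExt = 1 means "video.mp4.exe" is displayed as "video.mp4" in Explorer.
    $key   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
    $value = (Get-ItemProperty -Path $key -Name HideFileExt -ErrorAction SilentlyContinue).HideFileExt
    # Windows hides extensions by default, so treat a missing value as hidden.
    if ($null -eq $value) { return $true }
    return ([int]$value -ne 0)
}

function Get-DefenderExclusionReport {
    if (-not (Get-Command Get-MpPreference -ErrorAction SilentlyContinue)) {
        Write-Warning 'Defender cmdlets are not available on this host.'
        return $null
    }
    $pref = Get-MpPreference
    # Event 5007 in the Defender operational log records a platform configuration change;
    # an exclusion being added shows up there, which is how you catch it after the fact.
    $changes = Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-Windows Defender/Operational'
        Id      = 5007
    } -MaxEvents 20 -ErrorAction SilentlyContinue
    [pscustomobject]@{
        ExclusionPaths      = @($pref.ExclusionPath      | Where-Object { $_ })
        ExclusionProcesses  = @($pref.ExclusionProcess   | Where-Object { $_ })
        ExclusionExtensions = @($pref.ExclusionExtension | Where-Object { $_ })
        RecentConfigChanges = @($changes | Select-Object TimeCreated, Message)
    }
}

function Find-DisguisedExecutables {
    param([Parameter(Mandatory)][string]$Folder)
    if (-not (Test-Path -LiteralPath $Folder)) { return @() }
    Get-ChildItem -LiteralPath $Folder -File -Recurse -ErrorAction SilentlyContinue | Where-Object {
        # The real (last) extension is executable...
        ($ExecutableExts -contains $_.Extension.ToLowerInvariant()) -and
        # ...and what is left once it is stripped still ends in a media/torrent-style extension,
        # which is exactly what Explorer would show with HideFileExt enabled.
        ($LureExts -contains ([System.IO.Path]::GetExtension($_.BaseName)).ToLowerInvariant())
    }
}

# --- report ---
if (Test-ExtensionsHidden) {
    Write-Warning "Explorer is hiding known file extensions; 'name.torrent.exe' displays as 'name.torrent'."
    Write-Host "To show them: Set-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced' -Name HideFileExt -Value 0, then restart Explorer."
} else {
    Write-Host 'Explorer shows file extensions.'
}

$report = Get-DefenderExclusionReport
if ($report) {
    Write-Host "Defender exclusions: $($report.ExclusionPaths.Count) path(s), $($report.ExclusionProcesses.Count) process(es), $($report.ExclusionExtensions.Count) extension(s)."
    $report.ExclusionPaths + $report.ExclusionProcesses + $report.ExclusionExtensions |
        ForEach-Object { Write-Host "  excluded: $_" }
    Write-Host "Recent Defender configuration changes (event 5007): $($report.RecentConfigChanges.Count)"
    $report.RecentConfigChanges |
        ForEach-Object { Write-Host "  $($_.TimeCreated)  $($_.Message.Split("`n")[0])" }
}

$suspects = @(Find-DisguisedExecutables -Folder $DownloadFolder)
if ($suspects.Count -gt 0) {
    Write-Warning "$($suspects.Count) file(s) carry an executable extension behind a media/torrent-style name:"
    $suspects | ForEach-Object { Write-Host "  $($_.FullName)  ($($_.Length) bytes)" }
} else {
    Write-Host "No disguised executables found under $DownloadFolder."
}
```

Run it from an ordinary (non-elevated) PowerShell prompt; Get-MpPreference is readable without admin rights, and nothing in the script writes to the registry or to Defender. An exclusion you did not add yourself, or a 5007 event at a time you were not changing settings, is worth treating as a sign that something else on the machine has been configuring Defender.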


26 minutes ago, J-from-Nucleon said:

Windows' default of hiding file name extensions has at least a part to play in this

A dumb default stance by MS for eons... I've never understood why they do this, except to ape Apple (who doesn't use extensions at all).

NOTE: I no longer frequent this site. If you really need help, PM/DM me and my e-mail will alert me.


It baffles me that some people would run an exe from a torrent that was supposed to contain a video.

BabyBlu (Primary): 

  • CPU: Intel Core i9 9900K @ up to 5.3GHz, 5.0GHz all-core, delidded
  • Motherboard: Asus Maximus XI Hero
  • RAM: G.Skill Trident Z RGB 4x8GB DDR4-3200 @ 4000MHz 16-18-18-34
  • GPU: MSI RTX 2080 Sea Hawk EK X, 2070MHz core, 8000MHz mem
  • Case: Phanteks Evolv X
  • Storage: XPG SX8200 Pro 2TB, 3x ADATASU800 1TB (RAID 0), Samsung 970 EVO Plus 500GB
  • PSU: Corsair HX1000i
  • Display: MSI MPG341CQR 34" 3440x1440 144Hz Freesync, Dell S2417DG 24" 2560x1440 165Hz Gsync
  • Cooling: Custom water loop (CPU & GPU), Radiators: 1x140mm(Back), 1x280mm(Top), 1x420mm(Front)
  • Keyboard: Corsair Strafe RGB (Cherry MX Brown)
  • Mouse: MasterMouse MM710
  • Headset: Corsair Void Pro RGB
  • OS: Windows 10 Pro

Roxanne (Wife Build):

  • CPU: Intel Core i7 4790K @ up to 5.0GHz, 4.8Ghz all-core, relidded w/ LM
  • Motherboard: Asus Z97A
  • RAM: G.Skill Sniper 4x8GB DDR3-2400 @ 10-12-12-24
  • GPU: EVGA GTX 1080 FTW2 w/ LM
  • Case: Corsair Vengeance C70, w/ Custom Side-Panel Window
  • Storage: Samsung 850 EVO 250GB, Samsung 860 EVO 1TB, Silicon Power A80 2TB NVME
  • PSU: Corsair AX760
  • Display: Samsung C27JG56 27" 2560x1440 144Hz Freesync
  • Cooling: Corsair H115i RGB
  • Keyboard: GMMK TKL(Kailh Box White)
  • Mouse: Glorious Model O-
  • Headset: SteelSeries Arctis 7
  • OS: Windows 10 Pro

BigBox (HTPC):

  • CPU: Ryzen 5800X3D
  • Motherboard: Gigabyte B550i Aorus Pro AX
  • RAM: Corsair Vengeance LPX 2x8GB DDR4-3600 @ 3600MHz 14-14-14-28
  • GPU: MSI RTX 3080 Ventus 3X Plus OC, de-shrouded, LM TIM, replaced mem therm pads
  • Case: Fractal Design Node 202
  • Storage: SP A80 1TB, WD Black SN770 2TB
  • PSU: Corsair SF600 Gold w/ NF-A9x14
  • Display: Samsung QN90A 65" (QLED, 4K, 120Hz, HDR, VRR)
  • Cooling: Thermalright AXP-100 Copper w/ NF-A12x15
  • Keyboard/Mouse: Rii i4
  • Controllers: 4X Xbox One & 2X N64 (with USB)
  • Sound: Denon AVR S760H with 5.1.2 Atmos setup.
  • OS: Windows 10 Pro

Harmonic (NAS/Game/Plex/Other Server):

  • CPU: Intel Core i7 6700
  • Motherboard: ASRock FATAL1TY H270M
  • RAM: 64GB DDR4-2133
  • GPU: Intel HD Graphics 530
  • Case: Fractal Design Define 7
  • HDD: 3X Seagate Exos X16 14TB in RAID 5
  • SSD: Inland Premium 512GB NVME, Sabrent 1TB NVME
  • Optical: BDXL WH14NS40 flashed to WH16NS60
  • PSU: Corsair CX450
  • Display: None
  • Cooling: Noctua NH-U14S
  • Keyboard/Mouse: None
  • OS: Windows 10 Pro

NAS:

  • Synology DS216J
  • 2x8TB WD Red NAS HDDs in RAID 1. 8TB usable space

5 minutes ago, Radium_Angel said:

A dumb default stance by MS for eons... I've never understood why they do this, except to ape Apple (who doesn't use extensions at all).

Kind of a shame they do this as extensions are so useful too.

 

5 minutes ago, Hairless Monkey Boy said:

It baffles me that some people would run an exe from a torrent that was supposed to contain a video.

In Windows, extensions tend to be hidden by default. Throw in an icon that "looks" like a Marvel video, and some excited people will probably double click.

My eyes see the past…

My camera lens sees the present…


5 minutes ago, Radium_Angel said:

A dumb default stance by MS for eons... I've never understood why they do this,

Because r=1 users can't comprehend it, plain and simple. They know files exist and magically Windows knows how to open them. Their interests end right about there...


5 minutes ago, Zodiark1593 said:

In Windows, extensions tend to be hidden by default. Throw in an icon that "looks" like a Marvel video, and some excited people will probably double click.

It's one of the first things I change when I install Windows. But even if someone doesn't do that, the torrent site and the torrent software both list the contents of the torrent and include the file extensions. How exactly do people click download without checking anywhere that they are getting what they expect? 🤦‍♂️


If someone is dumb enough to launch an exe instead of a torrent, that's on them. Learn the hard way how to pirate safely.

 

And wouldn't Windows warn them if they want to execute that program before anything happens?

It sure does when I try to run literally anything for the first time these days.

Heck, just today I installed AviDemux and SmartScreen popped up saying it couldn't be verified or whatever, asking if I wanted to run it anyway. How could some cryptomalware bypass this?

CPU: AMD Ryzen 3700x / GPU: Asus Radeon RX 6750XT OC 12GB / RAM: Corsair Vengeance LPX 2x8GB DDR4-3200
MOBO: MSI B450m Gaming Plus / NVME: Corsair MP510 240GB / Case: TT Core v21 / PSU: Seasonic 750W / OS: Win 10 Pro


18 minutes ago, TetraSky said:

If someone is dumb enough to launch an exe instead of a torrent, that's on them. Learn the hard way how to pirate safely.

 

And wouldn't Windows warn them if they want to execute that program before anything happens?

It sure does when I try to run literally anything for the first time these days.

Heck, just today I installed AviDemux and SmartScreen popped up saying it couldn't be verified or whatever, asking if I wanted to run it anyway. How could some cryptomalware bypass this?

In addition to a warning before executing, shouldn't Windows quarantine it immediately? It's already a pain to stop Defender interfering when I want to download and run a miner.

Crystal: CPU: i7 7700K | Motherboard: Asus ROG Strix Z270F | RAM: GSkill 16 GB@3200MHz | GPU: Nvidia GTX 1080 Ti FE | Case: Corsair Crystal 570X (black) | PSU: EVGA Supernova G2 1000W | Monitor: Asus VG248QE 24"

Laptop: Dell XPS 13 9370 | CPU: i5 10510U | RAM: 16 GB

Server: CPU: i5 4690k | RAM: 16 GB | Case: Corsair Graphite 760T White | Storage: 19 TB


Somehow I knew people pirating stuff and getting malware would be MS's fault. 🙄

Grammar and spelling is not indicative of intelligence/knowledge.  Not having the same opinion does not always mean lack of understanding.  


29 minutes ago, mr moose said:

getting malware would be MS's fault. 🙄

maybe not MS fault, but the whole system and reduce the chances of getting malware could be a lot higher. (although .exe be .exe'ing)

like with the malware of DRM's and anti-cheat, or other products doing the same or abusing the current structure of things.

I do wish the web was overall safer, so many chances to click on shady content.

like the recent spam on youtube, try to read more... woops you might have clicked on a link doing ****


1 hour ago, Quackers101 said:

maybe not MS fault, but the whole system and reduce the chances of getting malware could be a lot higher. (although .exe be .exe'ing)

like with the malware of DRM's and anti-cheat, or other products doing the same or abusing the current structure of things.

I do wish the web was overall safer, so many chances to click on shady content.

like the recent spam on youtube, try to read more... woops you might have clicked on a link doing ****

You can reduce the risk of getting malware from piracy to zero by simply not pirating. The problem lies directly with DRM, piracy and people being nefarious, not with Windows, which has to contend with all of that and more.


6 hours ago, Radium_Angel said:

A dumb default stance by MS for eons... I've never understood why they do this, except to ape Apple (who doesn't use extensions at all).

Like how the ILOVEYOU virus/worm worked... the malware was a script file, but it had .txt in the file name, so people opened it thinking it was a txt since the real extension was hidden...


10 hours ago, Radium_Angel said:

dumb default stance by MS for eons... I've never understood why they do this, except to ape Apple (who doesn't use extensions at all).

Hidden by default is not the same as 'doesn't use extensions at all'.


7 hours ago, Commodus said:

Not surprising, but still... "karma's a bitch" comes to mind. Piracy is stealing; don't expect sympathy if you download malware. If you can afford it (and you probably can), wait for Disney+ or a rental.

Sometimes 'pirating' a movie is the only way to experience it at all. And even if someone might have access to a streaming service (or can purchase the product) - there might be only a 'butchered' version available (censorship, limited language/dub selection or whatever other possibility).


2 hours ago, rikitikitavi said:

Hidden by default is not the same as 'doesn't use extensions at all'.

Extensions do not have a meaning if the OS runs the file in the correct way even if you change the extension.

 

EDIT:// this goes for binaries and compressed folders etc.; document-type files will change what application they open with if you change the extension, and these files do show the extension by default.


28 minutes ago, Spindel said:

Extensions do not have a meaning if the OS runs the file in the correct way even if you change the extension.

 

EDIT:// this goes for binaries and compressed folders etc.; document-type files will change what application they open with if you change the extension, and these files do show the extension by default.

Yeah, no.

 

Binaries use the .app extension and compressed folders come in many different formats but are usually .dmg

 

Try opening a terminal and renaming chrome.app to chrome.txt or Install Sierra.dmg to Install Sierra.jpg

Main Rig:-

Ryzen 7 3800X | Asus ROG Strix X570-F Gaming | 16GB Team Group Dark Pro 3600Mhz | Corsair MP600 1TB PCIe Gen 4 | Sapphire 5700 XT Pulse | Corsair H115i Platinum | WD Black 1TB | WD Green 4TB | EVGA SuperNOVA G3 650W | Asus TUF GT501 | Samsung C27HG70 1440p 144hz HDR FreeSync 2 | Ubuntu 20.04.2 LTS |

 

Server:-

Intel NUC running Server 2019 + Synology DSM218+ with 2 x 4TB Toshiba NAS Ready HDDs (RAID0)


12 minutes ago, Master Disaster said:

Binaries use the .app extension and compressed folders come in many different formats but are usually .dmg

A dmg is a disk image, which can or cannot be compressed, but is not a "compressed folder". Mac's default compression scheme is zip... a slightly different encoding format of zip to my understanding, but still zip.

 

.app files are not binaries. They are container files. Really just a special folder that the system treats as a "program".

 

This is App Store.app:

The file inside I highlighted is the executable file.

[image: screenshot]

 

🖥️ Motherboard: MSI A320M PRO-VH PLUS  ** Processor: AMD Ryzen 2600 3.4 GHz ** Video Card: Nvidia GeForce 1070 TI 8GB Zotac 1070ti 🖥️
🖥️ Memory: 32GB DDR4 2400  ** Power Supply: 650 Watts Power Supply Thermaltake +80 Bronze Thermaltake PSU 🖥️

🍎 2012 iMac i7 27";  2007 MBP 2.2 GHZ; Power Mac G5 Dual 2GHZ; B&W G3; Quadra 650; Mac SE 🍎

🍎 iPad Air2; iPhone SE 2020; iPhone 5s; AppleTV 4k 🍎


13 hours ago, Hairless Monkey Boy said:

It's one of the first things I change when I install Windows. But even if someone doesn't do that, the torrent site, and the torrent software both list the contents of the torrent and include the file extensions. How exactly do people click download without checking anywhere that they are getting what they expect. 🤦‍♂️

Probably because they Google searched for "how do I watch (name of thing)" and, because the torrent sites get buried due to DMCAs, only the malware sites bubble up in Google and other search engines.

 

This is the thing that I've observed for the last 5 years: when you press too hard on Google to hide sites that are pirating your content, the sites that exist for only a few days and basically "match all search parameters" will rise higher in the search results, and attempting to get rid of those sites doesn't work because more and more are made. Thanks, gTLDs: they basically made it a malware and piracy heaven because all they need to do is register thousands of sites on a gTLD that doesn't care.


17 minutes ago, Video Beagle said:

A dmg is a disk image, which can or cannot be compressed, but is not a "compressed folder". Mac's default compression scheme is zip... a slightly different encoding format of zip to my understanding, but still zip.

That seems to be a little bit of arguing semantics. Yes, it's technically correct, but at the same time, a zip file is just a collection of files inside a container which can or cannot be compressed.

17 minutes ago, Video Beagle said:

 

.app files are not binaries. They are container files. Really just a special folder that the system treats as a "program".

This is App Store.app:

The file inside I highlighted is the executable file.

[image: screenshot]

 

Again, semantics. As far as the user is concerned, the .app file is the binary. The file you highlighted isn't really a binary, it's a shell script that tells the OS where the library files and dependencies are stored, which should be pretty obvious since it's only 42KB.

Main Rig:-

Ryzen 7 3800X | Asus ROG Strix X570-F Gaming | 16GB Team Group Dark Pro 3600Mhz | Corsair MP600 1TB PCIe Gen 4 | Sapphire 5700 XT Pulse | Corsair H115i Platinum | WD Black 1TB | WD Green 4TB | EVGA SuperNOVA G3 650W | Asus TUF GT501 | Samsung C27HG70 1440p 144hz HDR FreeSync 2 | Ubuntu 20.04.2 LTS |

 

Server:-

Intel NUC running Server 2019 + Synology DSM218+ with 2 x 4TB Toshiba NAS Ready HDDs (RAID0)


37 minutes ago, Master Disaster said:

The file you highlighted isn't really a binary,

Pretty much why I didn't use the word "binary" and used "executable".

🖥️ Motherboard: MSI A320M PRO-VH PLUS  ** Processor: AMD Ryzen 2600 3.4 GHz ** Video Card: Nvidia GeForce 1070 TI 8GB Zotac 1070ti 🖥️
🖥️ Memory: 32GB DDR4 2400  ** Power Supply: 650 Watts Power Supply Thermaltake +80 Bronze Thermaltake PSU 🖥️

🍎 2012 iMac i7 27";  2007 MBP 2.2 GHZ; Power Mac G5 Dual 2GHZ; B&W G3; Quadra 650; Mac SE 🍎

🍎 iPad Air2; iPhone SE 2020; iPhone 5s; AppleTV 4k 🍎


6 hours ago, rikitikitavi said:

Sometimes 'pirating' a movie is the only way to experience it at all. And even if someone might have access to a streaming service (or can purchase the product) - there might be only a 'butchered' version available (censorship, limited language/dub selection or whatever other possibility).

It'd be one thing if your country bans or heavily censors a movie, but if it's just because you don't think you can afford it or because you'd like to get some unofficial subtitles in your local language... that's not really a morally justifiable position. You're not entitled to watch any movie you want, however you want; it's not a basic human right.


The way I see it, people who run and install .exe files when downloading a movie have gained a basic, yet very valuable lesson in computer security. Hopefully, they won't make the same mistake again. If they do, well... fool me twice... 

17 minutes ago, Commodus said:

It'd be one thing if your country bans or heavily censors a movie, but if it's just because you don't think you can afford it or because you'd like to get some unofficial subtitles in your local language... that's not really a morally justifiable position. You're not entitled to watch any movie you want, however you want; it's not a basic human right.

This would be a valid argument back when Napster was still a thing. These days, it's pretty much a hard truth that piracy for personal use doesn't put so much as a dent in any of these industries.

Ryzen 1600x @4GHz

Asus GTX 1070 8GB @1900MHz

16 GB HyperX DDR4 @3000MHz

Asus Prime X370 Pro

Samsung 860 EVO 500GB

Noctua NH-U14S

Seasonic M12II 620W

+ four different mechanical drives.
