ReasonLabs, a provider of cybersecurity prevention and detection software, recently discovered a new form of malware hacking into computers with the mask of the latest Spiderman movie. The movie is now available in theaters and tickets are selling fast or prohibitively expensive. In some places, covid lockdowns mean you can’t physically go to a movie theater. All things considered, some people are looking for other ways to watch the movie. Oftentimes, these folks will download the movie, often called a ‘leaked file’, off the Internet for free to watch it. This, however, comes with a hidden ‘cost’.
Malware-Ridden Files
Many people are aware of the threats associated with unknown files, but criminals do a good job making their downloads look legitimate, like a full free movie that’s ‘only available in theaters’. The threat involved in the Spiderman case is a malicious file containing cryptocurrency mining malware, disguising itself as a torrent for the ‘Spiderman: No Way Home’ movie. ReasonLabs noted they often see mining software deploying in the disguise of common programs and files. Cryptomining tools hidden in the files have grown increasingly popular in recent years because they offer easy access to cash. Hiding a crypto mining tool in a file sure to attract a lot of attention, like a Spiderman movie, makes it easy to target as many victims as possible.
What Happens?
When a user downloads the file, the code adds exclusions to antivirus software to stop it from tracking the malicious file’s actions. It then spawns tools for the protection of the downloaded file. The purpose of the malware installation is to mine a specific type of cryptocurrency, called Monero (XMR). Monero Coin is becoming the more popular cryptocurrency of cybercriminals due to the anonymity of the coin, making it more difficult for law enforcement to trace the transactions.
As consumers continue to spend more of their time online, malicious individuals are actively looking for new and improved ways to trick their users into downloading suspicious files. The Spiderman ‘leaked file’ malware (also called a Torrent) is just one example of this.
Why publish an article on illegal downloads?
First, CyberHoot doesn’t condone the downloading of pirated material on the Internet. It’s a felony in the United States to pirate movies, with up to five years of prison time and fines up to $250,000. Perhaps by pushing this article, some illegal downloaders might pause and stop what they’re doing to avoid compromising their computers. That would be a good thing for copyright owners and for the end-user scared straight.
What Happens to your Computer?
Users exploited by this type of malware may not notice any change to their device. As the technology pulls your computer’s power, you may begin to see a reduction in speed, and problems with your overall computer functionality. Additionally, the damage is likely to eventually show up in the electricity bill (if you’re on a desktop), as devices need to draw extra power for mining and do so during overnight periods of computer inactivity (if a computer is left on), as this is less likely to be noticed and the hacker’s malware removed.
CyberHoot General Recommendations on Malware
Always protect your computer from malware by running a next-generation antivirus solution based on heuristics, behavior monitoring, and signatures.
For business owners, if you remove Administrative rights from end-users, they will not be able to install software on their own without filing a ticket with IT. This is perhaps one of the best ways to avoid accidental malware installation in your company. It follows the principle of least privilege.
Do not download any software without knowing the source of the file and that it has been validated by the file’s hosting provider. This is simply not possible with Torrents.
For stronger security assurances, before executing a file, research its MD5 Hash and compare that known quantity to the downloaded file’s MD5 Hash to validate it hasn’t been tampered with. Pro Tip: research the MD5 Hash on a website other than the one you’re downloading from. As the hackers might publish a new MD5 Hash of their own on their own malicious download. Devious right?
Additional Business Cybersecurity Recommendations
It’s important to always be sure you’re installing safe applications or files on your devices. In addition to the recommendations above you can also check website reviews, the application’s country of origin, or the reputation of the developers. Each of these can provide you incremental improvement in your trust to download and install something on your computer.
Additionally, these recommendations below will help you and your business stay secure with the various threats you may face on a day-to-day basis. All of the suggestions listed below can be gained by hiring CyberHoot’s vCISO Program development services.
- Govern employees with policies and procedures. You need a password policy, an acceptable use policy, an information handling policy, and a written information security program (WISP) at a minimum.
- Train employees on how to spot and avoid phishing attacks. Adopt a Learning Management system like CyberHoot to teach employees the skills they need to be more confident, productive, and secure.
- Test employees with Phishing attacks to practice. CyberHoot’s Phish testing allows businesses to test employees with believable phishing attacks and put those that fail into remedial phish training.
- Deploy critical cybersecurity technology including two-factor authentication on all critical accounts. Enable email SPAM filtering, validate backups, deploy DNS protection, antivirus, and anti-malware on all your endpoints.
- In the modern Work-from-Home era, make sure you’re managing personal devices connecting to your network by validating their security (patching, antivirus, DNS protections, etc) or prohibiting their use entirely.
- If you haven’t had a risk assessment by a 3rd party in the last 2 years, you should have one now. Establishing a risk management framework in your organization is critical to addressing your most egregious risks with your finite time and money.
- Buy Cyber-Insurance to protect you in a catastrophic failure situation. Cyber-Insurance is no different than Car, Fire, Flood, or Life insurance. It’s there when you need it most.
All of these recommendations are built into CyberHoot the product or CyberHoot’s vCISO Services. With CyberHoot you can govern, train, assess, and test your employees. Visit CyberHoot.com and sign up for our services today. At the very least continue to learn by enrolling in our monthly Cybersecurity newsletters to stay on top of current cybersecurity updates.