ReasonLabs, a provider of cybersecurity prevention and detection software, recently discovered a new form of malware that infects computers under the guise of the latest Spiderman movie. The movie is now available in theaters, and tickets are selling fast or are prohibitively expensive. In some places, covid lockdowns mean you can’t physically go to a movie theater. All things considered, some people are looking for other ways to watch the movie. Oftentimes, these folks will download the movie, often called a ‘leaked file’, off the Internet to watch it for free. This, however, comes with a hidden ‘cost’.
Many people are aware of the threats associated with unknown files, but criminals do a good job of making their downloads look legitimate, like a full free movie that’s ‘only available in theaters’. The threat involved in the Spiderman case is a malicious file containing cryptocurrency mining malware, disguising itself as a torrent for the ‘Spiderman: No Way Home’ movie. ReasonLabs noted that they often see mining software deployed under the disguise of common programs and files. Cryptomining tools hidden in files have grown increasingly popular in recent years because they offer easy access to cash. Hiding a cryptomining tool in a file that is sure to attract a lot of attention, like a Spiderman movie, makes it easy to target as many victims as possible.
When a user downloads the file, the code adds exclusions to antivirus software to stop the antivirus from tracking the malicious file’s actions. It then spawns tools that protect the downloaded file. The purpose of the malware installation is to mine a specific type of cryptocurrency called Monero (XMR). Monero is becoming the more popular cryptocurrency among cybercriminals because of the coin’s anonymity, which makes it more difficult for law enforcement to trace transactions.
As consumers continue to spend more of their time online, malicious individuals are actively looking for new and improved ways to trick users into downloading suspicious files. The Spiderman ‘leaked file’ malware, distributed as a torrent, is just one example of this.
First, CyberHoot doesn’t condone the downloading of pirated material on the Internet. It’s a felony in the United States to pirate movies, with up to five years of prison time and fines up to $250,000. Perhaps by pushing this article, some illegal downloaders might pause and stop what they’re doing to avoid compromising their computers. That would be a good thing for copyright owners and for the end-user scared straight.
Users exploited by this type of malware may not notice any change to their device at first. As the miner draws on your computer’s processing power, you may begin to see a reduction in speed and problems with overall computer functionality. The damage is also likely to show up eventually in the electricity bill (if you’re on a desktop), because devices need to draw extra power for mining. The mining runs during overnight periods of inactivity (if the computer is left on), when it is less likely to be noticed and the malware removed.
Always protect your computer from malware by running a next-generation antivirus solution based on heuristics, behavior monitoring, and signatures.
For business owners, if you remove Administrative rights from end-users, they will not be able to install software on their own without filing a ticket with IT. This is perhaps one of the best ways to avoid accidental malware installation in your company. It follows the principle of least privilege.
Do not download any software without knowing the source of the file and that it has been validated by the file’s hosting provider. This is simply not possible with Torrents.
For stronger security assurances, before executing a file, research its MD5 Hash and compare that known quantity to the downloaded file’s MD5 Hash to validate that it hasn’t been tampered with. Pro Tip: research the MD5 Hash on a website other than the one you’re downloading from, because the hackers might publish a new MD5 Hash of their own alongside their malicious download. Devious, right?
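The hash comparison described above, as an added example (not code from CyberHoot or ReasonLabs): it streams the downloaded file, hashes it, and compares the result to a digest obtained from an independent source. It goes beyond the MD5 case in the text by also accepting SHA-1 and SHA-256 digests, since MD5 is collision-prone and a SHA-256 value is preferable when the publisher offers one. The function names and the sample file contents are assumptions constructed for this illustration.

```python
import hashlib
import hmac
import os
import tempfile

# Hex digest length -> hashlib algorithm name.
ALGORITHMS = {32: "md5", 40: "sha1", 64: "sha256"}


def file_digest(path, algorithm, chunk_size=1 << 20):
    """Hash the file in chunks so a multi-gigabyte download never sits in memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_download(path, published_hex):
    """Compare a file against a digest obtained from an independent source.

    Returns (matches, algorithm, actual_hex); raises ValueError if the
    published value is not a well-formed MD5, SHA-1 or SHA-256 hex digest.
    """
    expected = published_hex.strip().lower()
    algorithm = ALGORITHMS.get(len(expected))
    if algorithm is None or any(c not in "0123456789abcdef" for c in expected):
        raise ValueError("not an MD5/SHA-1/SHA-256 hex digest")
    actual = file_digest(path, algorithm)
    return hmac.compare_digest(actual, expected), algorithm, actual


def demo():
    """Constructed sample: a genuine file, then the same file with bytes appended."""
    genuine = b"constructed sample installer contents\n"
    # Stand-in for the value looked up on a site other than the download site.
    published = hashlib.md5(genuine).hexdigest()
    fd, path = tempfile.mkstemp()
    try:
        with os.fdopen(fd, "wb") as fh:
            fh.write(genuine)
        untouched, algorithm, _ = verify_download(path, published)
        with open(path, "ab") as fh:
            fh.write(b"appended payload")  # simulated tampering
        tampered, _, _ = verify_download(path, published)
    finally:
        os.remove(path)
    return {"untouched": untouched, "tampered": tampered, "algorithm": algorithm}


if __name__ == "__main__":
    print(demo())
```

A mismatch means the file differs from what the publisher released; a match only means the file is the one that digest describes, so the digest itself has to come from a source you trust.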
It’s important to always be sure you’re installing safe applications or files on your devices. In addition to the recommendations above, you can also check website reviews, the application’s country of origin, or the reputation of the developers. Each of these can incrementally improve your confidence before you download and install something on your computer.
Additionally, these recommendations below will help you and your business stay secure with the various threats you may face on a day-to-day basis. All of the suggestions listed below can be gained by hiring CyberHoot’s vCISO Program development services.
All of these recommendations are built into CyberHoot the product or CyberHoot’s vCISO Services. With CyberHoot you can govern, train, assess, and test your employees. Visit CyberHoot.com and sign up for our services today. At the very least continue to learn by enrolling in our monthly Cybersecurity newsletters to stay on top of current cybersecurity updates.