‘Spider-Man: No Way Home’ is undoubtedly one of Marvel’s most anticipated releases, so much so that it has already become the eighth highest-grossing film in history. As usual, this also makes unauthorized downloads of the film very popular, a practice that calls for caution, especially if you are new to it.
Malicious actors are taking advantage of precisely that popularity to disguise a Monero cryptocurrency miner as a torrent of the movie. The most clueless will try to open the downloaded torrent and end up installing malware that pushes their computers to the limit to mine for someone else.
The malware is capable of adding exclusions to Windows Defender, creating persistence and spawning a watchdog process to keep its activity running in the background. It also tries to stay hidden from scanners by using “legitimate” names for the files and processes it creates; for example, it claims to be from Google, drops files with names like sihost64.exe, and injects into svchost.exe.
Why you should always look at file extensions
The file, which probably came from some Russian torrent site, has a fairly obvious name that anyone familiar with Windows executables will immediately spot as suspicious: “spiderman_net_putidomoi.torrent.exe”, or “spiderman_no_wayhome.torrent.exe”.
This is something we have covered quite thoroughly before: if you download torrents, do not forget to check the file extensions, and turn on the option in Windows Explorer that shows file extensions (by default, many are hidden).
No video file ends in .exe. That is an executable, and it should set off every alarm that you are downloading malicious software. Video files are usually .mp4 or .mkv; they will never be .exe.
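The extension check described above can be automated over a downloads folder. The following Python sketch is an added example, not part of the original article or of any tool it mentions; the extension sets are assumptions, and it goes slightly beyond the article's case by also catching padded names and the right-to-left override character.

```python
# Added example: flag downloads whose name imitates a media or torrent
# file but whose real (final) extension is a Windows executable.
import ntpath

# Final extensions Windows will run (assumed list, not exhaustive).
EXECUTABLE = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".msi",
              ".js", ".vbs", ".ps1", ".lnk"}
# Extensions a user expects from a movie download (assumed list).
DECOY = {".torrent", ".mp4", ".mkv", ".avi", ".mov", ".srt", ".pdf", ".txt"}
RTL_OVERRIDE = "\u202e"  # reverses displayed text, hiding the real extension


def classify(path: str) -> str:
    """Return 'suspicious', 'executable' or 'ok' for one file name or path."""
    # Windows ignores trailing dots and spaces, so strip them first.
    name = ntpath.basename(path).rstrip(" .").lower()
    if RTL_OVERRIDE in name:
        return "suspicious"
    # Every dot-separated part after the first is treated as an extension.
    suffixes = ["." + part.strip() for part in name.split(".")[1:]]
    if not suffixes or suffixes[-1] not in EXECUTABLE:
        return "ok"
    # An executable with an earlier media-style extension: the article's case.
    if any(s in DECOY for s in suffixes[:-1]):
        return "suspicious"
    return "executable"


def scan(paths):
    """Map each flagged name to its verdict, skipping harmless ones."""
    return {p: v for p in paths if (v := classify(p)) != "ok"}


if __name__ == "__main__":
    # Constructed sample listing; the first name is the one from the article.
    sample = [
        "spiderman_net_putidomoi.torrent.exe",
        "movie.1080p.mkv",
        "holiday.mp4 .exe",
        "setup.exe",
    ]
    for name, verdict in scan(sample).items():
        print(f"{verdict:11} {name}")
```

A plain "executable" verdict only means the file will run if opened; "suspicious" means the name was built to look like something else.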