No Way Home Leaks Targeted by Monero-Mining Malware (Report)

It appears that hackers are finding new avenues to exploit unsuspecting victims and take advantage of their computing power. This time, the primary tool is leaks of the new Spider-Man: No Way Home movie.

  • Spider-Man: No Way Home premiered in the US on December 17th, 2021, merely a week ago.
  • In that short time, it has already become the third-most successful movie of the year, according to box office statistics.
  • Data from Box Office Mojo shows that it’s the top-grossing movie in 2021, raking in over $350 million during its premiere week alone.
  • Naturally, a movie so popular would also create an off-the-books demand for leaked releases on the Internet, most commonly in the form of torrent downloads.
  • New research, however, reveals that it’s these releases that have been heavily targeted by hackers.
  • The study concludes that hackers have been placing Monero miners in torrent downloads of the new movie.
  • For those unaware, malware is code that is not part of the publisher’s intended release and is designed to run various processes in the background without the user’s knowledge or consent.
  • In this case, the miner also adds exclusions for Windows Defender, spawns a watchdog process to keep itself running, and establishes persistence.

Per the research:

The malware tries to stay away from examining eyes, by using ‘legitimate’ names for the files and processes that it creates; for example, it claims to be by Google and drops files with names like sihost64.exe, and injects to svchost.exe.
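
For defenders, the behaviours described above (Windows Defender exclusions, the sihost64.exe file name, svchost.exe used as an injection host) can be checked for in endpoint telemetry. The Python example below is added here and is not code from the research or from this article; the event layout, the paths and movie.exe are constructed for illustration, and only the names sihost64.exe and svchost.exe come from the report.

```python
import ntpath
import re

# Constructed sample events, shaped loosely like Sysmon process-creation (1)
# and registry-set (13) records. None of this is telemetry from the report.
EVENTS = [
    {"id": 1, "image": r"C:\Windows\System32\svchost.exe",
     "parent": r"C:\Windows\System32\services.exe", "cmd": "svchost.exe -k netsvcs"},
    {"id": 1, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmd": r"powershell Add-MpPreference -ExclusionPath C:\Users\demo\AppData"},
    {"id": 13, "image": r"C:\Users\demo\Downloads\movie.exe",
     "target": r"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\Users\demo"},
    {"id": 1, "image": r"C:\Users\demo\AppData\Roaming\sihost64.exe",
     "parent": r"C:\Users\demo\Downloads\movie.exe", "cmd": "sihost64.exe"},
    {"id": 1, "image": r"C:\Windows\System32\svchost.exe",
     "parent": r"C:\Users\demo\AppData\Roaming\sihost64.exe", "cmd": "svchost.exe"},
]

EXCLUSION_CMD = re.compile(r"(add|set)-mppreference\b.*-exclusion(path|process|extension)", re.I)
EXCLUSION_KEY = r"\microsoft\windows defender\exclusions" + "\\"
SYSTEM_DIR = r"c:\windows\system32"


def classify(event):
    """Return the list of findings for one event (empty list = nothing flagged)."""
    findings = []
    image = event.get("image", "").lower()
    name = ntpath.basename(image)
    if event["id"] == 1:
        if EXCLUSION_CMD.search(event.get("cmd", "")):
            findings.append("defender-exclusion-cmd")
        if name == "sihost64.exe":  # file name quoted in the report
            findings.append("reported-filename")
        # svchost.exe is normally started by services.exe from System32.
        parent = event.get("parent", "").lower()
        if name == "svchost.exe" and (ntpath.dirname(image) != SYSTEM_DIR
                                      or ntpath.basename(parent) != "services.exe"):
            findings.append("svchost-odd-parent")
    elif event["id"] == 13 and EXCLUSION_KEY in event.get("target", "").lower():
        findings.append("defender-exclusion-registry")
    return findings


def scan(events):
    return {i: f for i, e in enumerate(events) if (f := classify(e))}


if __name__ == "__main__":
    print(scan(EVENTS))
```

A match on the file name alone is weak evidence, since names are trivial to change; the exclusion and parent-process checks are the more durable signals.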

  • Somewhat expectedly, Monero has been the cryptocurrency of choice for hackers, supposedly because of its enhanced privacy features.
  • XMR is also the coin that black-hats prefer when it comes to ransomware demands. As CryptoPotato reported earlier this year, someone demanded $100 million in XMR from the computer giant Acer after installing ransomware on its systems.