The recent release of Spider-Man: No Way Home is one of the first post-pandemic premieres to get everyone hyped, and hackers know it.
That’s why they’re using it as bait for a credit card harvesting phishing scam.
Would you like to know more about this menace that Spider-Man couldn’t save you from?
New Spider-Man Movie Phishing Campaign
Kaspersky’s researchers were the first ones to warn about what was going on close to the release of Spider-Man: No Way Home. They found multiple examples of phishing websites set up to spread malware and steal viewers’ bank details.
Tatyana Shcherbakova at Kaspersky explained why this attack, in particular, was so successful, which is hard to understand if you’re not familiar with the comic book adaptation.
“Fans’ expectations are through the roof right now, arguably higher than for any film.
Everyone who has ever been a fan of Spidey has their theories about the films, which can be exploited by cybercriminals.”
Above, you can see what the websites look like.
These phishing sites asked users for their banking information in exchange for early access to the movie. Instead, users received malicious video files filled with adware and trojans, able to gather and modify the data on their devices.
They’re built to target desperate people who want more information, or the movie itself, before anyone else. This is mostly because of the wave of spoilers circulating on the internet right now.
Spoilers have become so common that the latest Twitter trend is deleting Twitter itself.
According to those who participated days before the premiere, it was the only way to be completely safe. Thinking about it, that’s also a good way to avoid phishing scams like the one mentioned today.
Of course, this is not the first time something like this has happened. Most pop-culture and sports events that generate excitement across a large demographic (be it the World Cup, the death of a celebrity, or in this case, a release) are used to entice clicks or downloads.
Crypto Miner Hiding Inside Spider-Man Movie Files
Days later, illicit copies carrying malware dubbed “Spiderman” started to circulate across torrent sites. Researchers at Reason Cybersecurity Ltd detailed that it’s a variant of malware previously spread as “Windows updater” and “Discord app.”
This one in particular is a crypto miner capable of adding exclusions to Windows Defender.
On first run, it kills any process that could block it and then launches two other processes called Sihost64.exe and WR64.exe.
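For defenders, the behaviour described above (a Windows Defender exclusion being added, followed by Sihost64.exe or WR64.exe starting) can be checked for in endpoint telemetry. The following is an added example, not code from the researchers or from this post: the log lines are constructed, the field names and the ten-minute window are assumptions, and it presumes Defender configuration-change events (ID 5007) and Sysmon process-creation events (ID 1) are being collected.

```python
import json
from datetime import datetime, timedelta

MINER_CHILDREN = {"sihost64.exe", "wr64.exe"}  # names reported above, lowercased
WINDOW = timedelta(minutes=10)                 # assumed correlation window

# Constructed sample telemetry, one JSON object per line. Field names are
# assumptions; 5007 = Defender "configuration changed", 1 = Sysmon process create.
SAMPLE_LOG = r"""
{"ts":"2021-12-27T10:00:05","host":"pc-01","event_id":5007,"new_value":"HKLM\\SOFTWARE\\Microsoft\\Windows Defender\\Exclusions\\Paths\\C:\\Users\\a\\AppData = 0x0"}
{"ts":"2021-12-27T10:00:09","host":"pc-01","event_id":1,"image":"C:\\Users\\a\\AppData\\Sihost64.exe"}
{"ts":"2021-12-27T10:00:11","host":"pc-01","event_id":1,"image":"C:\\Users\\a\\AppData\\WR64.exe"}
{"ts":"2021-12-27T11:30:00","host":"pc-02","event_id":1,"image":"C:\\Windows\\System32\\sihost.exe"}
{"ts":"2021-12-27T12:00:00","host":"pc-03","event_id":5007,"new_value":"HKLM\\SOFTWARE\\Microsoft\\Windows Defender\\Exclusions\\Paths\\D:\\build = 0x0"}
"""

def parse(log):
    return [json.loads(line) for line in log.splitlines() if line.strip()]

def basename(path):
    # Exact file-name match, so the legitimate sihost.exe is not flagged.
    return path.rsplit("\\", 1)[-1].lower()

def triage(events):
    """Map host -> 'high' | 'medium' | 'review' from exclusion and process events."""
    exclusions, children = {}, {}
    for e in events:
        ts = datetime.fromisoformat(e["ts"])
        if e["event_id"] == 5007 and "\\exclusions\\" in e.get("new_value", "").lower():
            exclusions.setdefault(e["host"], []).append(ts)
        elif e["event_id"] == 1 and basename(e.get("image", "")) in MINER_CHILDREN:
            children.setdefault(e["host"], []).append(ts)
    verdicts = {}
    for host in set(exclusions) | set(children):
        paired = any(abs(c - x) <= WINDOW
                     for x in exclusions.get(host, []) for c in children.get(host, []))
        if paired:
            verdicts[host] = "high"      # exclusion added and named process started together
        elif host in children:
            verdicts[host] = "medium"    # named process seen without an exclusion change
        else:
            verdicts[host] = "review"    # exclusion alone; may be an administrator's change
    return verdicts

if __name__ == "__main__":
    for host, verdict in sorted(triage(parse(SAMPLE_LOG)).items()):
        print(host, verdict)
```

A lone exclusion change is only marked for review because administrators add exclusions legitimately; it is the pairing with the named processes that raises the verdict.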
Spokespersons at JupiterOne Inc., Bugcrowd Inc., and Digital Shadows Ltd. explained that hiding malware (including crypto miners) inside torrent files is not a new practice.
It has been a common practice for over a decade, and both Gen Xers and millennials have downloaded the largest number of infected .zip files and the like.
Today’s post is dedicated to those who didn’t know about it, or even those who fell for it and regret it. If the second is your case, then don’t worry. It’s understandable and there’s nothing to be ashamed of.
It’s a good thing that you search for more information about it and that’s what we’re here for.
Our team of cybersecurity experts is here to answer any questions on the topic.