CATEGORIES
home News

Better Scan Your PC For Malware If You Installed This Super Mario Game

by Nathan OrdMonday, June 26, 2023, 12:36 PM EDT
threat actors package malware with super mario game installer f
If you are going to download a program, it may be worth knowing whether you are getting it from the authentic source or a threat actor in between. Such is the case with a trojanized Super Mario game which has been mining cryptocurrency and stealing data while people casually played Super Mario Forever.

Exploiting users’ trust through social engineering, leveraging general trust in game installers, and leaning on large file sizes and complexity of installers allow threat actors to get away with packaging malware with game installers, say researchers at Cyble. This malware can then be monetized for the threat actor by stealing information, running ransomware, or otherwise. However, in this instance, Cyble Research and Intelligence Labs (CRIL) found that a trojanized Super Mario Bros game installer delivered a cryptocurrency miner and information stealer to unsuspecting victims.

infection chain threat actors package malware with super mario game installer
The chain of infection after installing the Mario game

While the legitimate Super Mario game is running normally, a Monero miner and SupremeBot mining client are installed in the background to kick off the infection chain. The mining client then establishes communication with a command and control (C2) server to pull the miner configuration to the victim’s machine. Further, the client also downloads the open-source Umbral Stealer information-stealing malware, which takes sensitive data from browsers, captures screenshots and webcam images, goes after cryptocurrency wallets, and more. This information is then shipped off via Discord webhook to the threat actor’s server on Discord.

umbral threat actors package malware with super mario game installer
Building out an information stealer can be as easy as click and go, unfortunately

Of course, this is not the first time a threat actor has used games as a disguise for malware, such as the recent Pokémon NFT card game malware or the earlier Epic Games launcher malware. Given this and older incidents, it is always good to ensure you are getting a game installer from the source and not a third-party location. Moreover, turning your antivirus or other security solution on and verifying it is up to date would be worthwhile, even if that is simply Microsoft Defender. You never know what could be lurking in any installer.
Tags:  Gaming, security, Mario, cybersecurity
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment