TechRadar
Craig Hale

Mamma mia - this Super Mario Windows game was actually just installing malware

Super Mario 3: Mario Forever, a legitimate game that represents a modernized spin on one of the all-time classics, is now being used in an attack that spreads malware to the Windows devices of excited players.

The news comes from Cyble Research and Intelligence Labs, which has identified a trojanized Super Mario Bros game installer that’s spreading malware.

Cryptomining is clearly a focus of the threat actor, with an XMR miner and the SupremeBot mining client both observed by Cyble. The Umbral stealer has also been found lurking beneath the game installer.

Super Mario 3 installer spreading malware

Cyble explained how threat actors typically value games for their large size and complex nature, which makes hiding malware reasonably easy. In this instance, the malicious files were found bundled with a legitimate installer file of super-mario-forever-v702e.

In particular, Cyble says that cryptomining attacks are often seen targeting gaming devices because gamers typically run powerful hardware to keep up with demanding graphics and processing requirements, which makes those devices well suited to mining.

Attackers have homed in on the Super Mario franchise for its immeasurable popularity, which since the 1980s has grown to include a variety of demographics. Its resurgence in recent years has made it a great host for malware attacks.

As well as the pair of cryptomining executables, including a Monero miner, victims are also targeted by a stealer that trawls data from the infected Windows device, including browser data, crypto wallets, and account credentials.

What’s worse, the stealer is designed to impair the communication of many antivirus tools and even evades Windows Defender detection.

As threat actors become increasingly savvy about malware distribution, consumers are being warned to exercise care and diligence when it comes to downloading or accessing online content. Downloading clients from the authorized seller or partner is vital, but those who suspect they may be the victim of an attack should run malware removal tools in an effort to iron out potential threats.
