The Super Mario video game franchise has gained immense acclaim for its platforming gameplay, lively visuals, and memorable characters. Recently, the franchise has experienced a renewed surge in popularity with the release of new games and animated movies. It has consistently evolved by introducing innovative game mechanics, power-ups, and levels across titles and consoles. Since its establishment in the 1980s, Super Mario games have amassed a vast global fanbase, bringing joy and immersion to millions of players worldwide.
Trojans Hide in the Super Mario Game
Criminals monetize malware distributed through game installers: once run, a trojanized installer can steal sensitive information, deploy ransomware, or carry out other malicious actions. Researchers have previously uncovered several malware campaigns targeting gamers and game-related applications, including Enlisted and MSI Afterburner.
The researchers found a trojanized version of the Super Mario 3: Mario Forever game installer that carries several malicious components: an XMR (Monero) miner, the SupremeBot mining client, and the open-source Umbral stealer. These files were bundled with the legitimate installer, super-mario-forever-v702e. The case highlights one more reason threat actors (TAs) favour game installers as a delivery mechanism: the powerful hardware typical of gaming PCs provides valuable computing power for mining cryptocurrency.
Infection chain of the compromised Super Mario Forever installer (the original figure is not reproduced here): the legitimate game installer is bundled with the XMR miner, the SupremeBot mining client and the Umbral stealer.
What is Umbral Stealer?
Umbral Stealer is an information stealer that captures sensitive user data, takes screenshots of the Windows desktop and records from connected webcams. The stolen data is first saved locally and then sent to the attacker's command-and-control (C2) server. To evade Windows Defender, the malware disables it unless tamper protection is enabled; if tamper protection is on, it instead adds its own process to Defender's exclusion list. It also cuts popular antivirus products off from their vendors' sites by modifying the Windows hosts file, so they can no longer reach those servers and are rendered ineffective.
Umbral Stealer is written in C# and its source has been publicly available on GitHub since April 2023. It harvests a range of data from infected Windows systems, including passwords and session tokens stored in web browsers, cryptocurrency wallets, and authentication tokens for platforms such as Discord, Minecraft, Roblox, and Telegram.
How to protect against Trojanized Super Mario?
If you recently installed Super Mario 3: Mario Forever, follow these steps to make sure your PC is clean:
- Monitor your system's performance and CPU usage; a cryptominer typically shows up as sustained high CPU or GPU load, even when the machine is otherwise idle.
- Install a reputable antivirus and internet security suite on all connected devices, including PCs, laptops, and mobile devices.
- Scan your PC for malware and remove anything that is detected.
- Reset the passwords for sensitive accounts such as banking, financial, cryptocurrency, and email accounts; because the stealer also takes browser session tokens, revoke active sessions where the service allows it.
- Use a unique password for each account and keep them in a password manager.
- Download games and other software only from official sources, such as the publisher's website or a trustworthy digital distribution platform.
- Scan every downloaded executable with your antivirus software before launching it, and keep your security tools up to date.
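The PowerShell triage script below is an added example; it is not code from the original article or from the researchers' report. It checks a Windows host for the evasion artifacts described in the Umbral Stealer section (real-time protection switched off, Defender exclusions under user-writable paths, security-vendor hostnames sinkholed in the hosts file) and for the sustained CPU load the checklist above says to watch for. The vendor-name substrings, the user-writable path pattern and the 50% CPU threshold are assumptions chosen for illustration, not indicators taken from the sample.

```powershell
# Added triage script: checks a Windows host for the artifacts described in
# this article. Not from the original post or from the researchers' report.
# Run from an elevated PowerShell prompt on the machine under investigation.

$findings = @()

# 1. Defender state. Umbral disables Defender when tamper protection is off,
#    so real-time protection OFF together with IsTamperProtected = False is
#    the combination that matches the described behaviour.
$status = Get-MpComputerStatus
if (-not $status.RealTimeProtectionEnabled) {
    $findings += "Defender real-time protection is OFF (tamper protected: $($status.IsTamperProtected))"
}

# 2. Exclusions. With tamper protection on, the stealer instead excludes its
#    own process. Exclusions under user-writable locations are the ones to
#    review first; the path pattern is a heuristic, not an IOC from the report.
$pref = Get-MpPreference
foreach ($entry in @($pref.ExclusionPath) + @($pref.ExclusionProcess)) {
    if ($entry -and $entry -match '(?i)\\(Users|AppData|Temp|ProgramData)\\') {
        $findings += "Suspicious Defender exclusion: $entry"
    }
}

# 3. hosts file. The stealer sinkholes security-vendor domains so AV products
#    cannot reach their servers. Flag any vendor-looking hostname mapped to
#    loopback or 0.0.0.0. The substring list is an assumption for illustration.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$vendorHints = @('avast', 'avg', 'avira', 'bitdefender', 'eset', 'kaspersky',
                 'malwarebytes', 'mcafee', 'norton', 'sophos', 'trendmicro',
                 'microsoft', 'windowsupdate')
foreach ($line in Get-Content $hostsPath -ErrorAction SilentlyContinue) {
    $text = ($line -split '#')[0].Trim()          # drop comments
    if (-not $text) { continue }
    $fields = $text -split '\s+'
    if ($fields.Count -lt 2) { continue }
    $ip = $fields[0]
    foreach ($name in $fields[1..($fields.Count - 1)]) {
        foreach ($hint in $vendorHints) {
            if ($name -like "*$hint*" -and $ip -match '^(127\.|0\.0\.0\.0$)') {
                $findings += "hosts file sinkholes $name -> $ip"
            }
        }
    }
}

# 4. Miner load. Sample CPU seconds twice and convert the delta into a
#    percentage of all cores; cumulative CPU since process start would hide a
#    recently started miner behind long-running processes.
$interval = 5
$first = @{}
Get-Process | ForEach-Object { $first[$_.Id] = $_.CPU }
Start-Sleep -Seconds $interval
foreach ($p in Get-Process) {
    if (-not $first.ContainsKey($p.Id) -or $null -eq $p.CPU -or $null -eq $first[$p.Id]) { continue }
    $busy = ($p.CPU - $first[$p.Id]) / $interval / [Environment]::ProcessorCount * 100
    if ($busy -gt 50) {                           # threshold is an assumption
        $findings += ('High CPU ({0:N0}% of all cores): {1} [PID {2}] {3}' -f $busy, $p.Name, $p.Id, $p.Path)
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'No Defender, hosts-file or CPU indicators found.'
} else {
    $findings | ForEach-Object { Write-Output "[!] $_" }
}
```

The Get-Mp* cmdlets come with the built-in Defender module on Windows 10 and 11 and need an elevated session; on a machine where Defender has been removed or replaced, the first two checks will error and only the hosts-file and CPU checks apply. A hit on any of the four checks is a reason to proceed with the full scan and password reset steps above, not proof of infection on its own: users do legitimately add exclusions and block vendor domains.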
The gaming community's large, interconnected user base makes it a prime target for threat actors. The coin-miner campaign described here abuses the Super Mario Forever game to reach gamers with high-performance computers, and its stealer component exfiltrates sensitive information from victims' systems, leading to financial losses and a significant drain on system performance and resources. For individuals and organizations alike, the result is a significant disruption of productivity.