Super Mario Game Got Trojanized: Used As Vehicle For Crypto Miners And Malware

The widely popular game Super Mario Bros. 3 got Trojanized!

The game has become a target for threat actors seeking to spread crypto miners and information-stealing malware.

Cyble Research & Intelligence Labs recently uncovered the trojanized version of Super Mario Bros. 3.

It has been found to be bundled with malicious files that install Monero miners and the SupremeBot mining client.

Why Is Super Mario Targeted

Super Mario Bros. has a massive user base, which makes it an attractive target for threat actors.

According to Cyble researchers,

Threat Actors target game installers due to the extensive user base and because users trust those installers. The significant file size and intricate nature of games create favorable conditions for threat actors to conceal malware within them.

Additionally, the powerful hardware associated with gaming provides valuable computing power for mining cryptocurrencies.

Trojanized Version Of Super Mario

The trojanized version of the Super Mario installer contains the genuine game application alongside two malicious files named “atom.exe” and “java.exe.”

When unsuspecting users install the file, they unknowingly invite the XMR miner and SupremeBot mining client onto their devices.

These stealthy applications operate silently in the background, hogging CPU resources to generate digital coins for the attackers while collecting sensitive information from the compromised system.

The XMR miner not only exhausts system resources but also harvests data such as computer names, usernames, CPU, and GPU details, which are then sent back to the attacker.

Similarly, the sophisticated SupremeBot mining client mines crypto while maintaining communication with a command and control server.

This miner goes a step further by deploying the Umbral Stealer malware, capable of capturing screenshots, recording webcam images, collecting browser data, acquiring files associated with crypto wallets, and retrieving information from popular platforms like Telegram, Discord, Minecraft, and Roblox.

In an advanced move, it also cleans up its footprints, making the malware undetectable.
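A detection sketch for the bundling described above, added here as an example and not taken from Cyble's report: it flags a parent process that starts both atom.exe and java.exe from a user-writable directory, so a normally installed Java runtime does not trigger it. The event fields, the directory list and the sample events are constructed assumptions; the page supplies only the two file names.

```python
from collections import defaultdict
from ntpath import basename  # parses Windows paths on any OS

# File names reported on this page; java.exe is also a legitimate binary name.
SUSPECT_NAMES = {"atom.exe", "java.exe"}
# Assumption: user-writable locations where a bundled installer unpacks files.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\downloads\\")

# Constructed process-creation events (fields modelled on Sysmon Event ID 1).
SAMPLE_EVENTS = [
    {"host": "PC-01", "parent_pid": 4120,
     "parent_image": r"C:\Users\kim\Downloads\game-setup.exe",
     "image": r"C:\Users\kim\AppData\Local\Temp\game.exe"},
    {"host": "PC-01", "parent_pid": 4120,
     "parent_image": r"C:\Users\kim\Downloads\game-setup.exe",
     "image": r"C:\Users\kim\AppData\Roaming\java.exe"},
    {"host": "PC-01", "parent_pid": 4120,
     "parent_image": r"C:\Users\kim\Downloads\game-setup.exe",
     "image": r"C:\Users\kim\AppData\Roaming\atom.exe"},
    {"host": "PC-02", "parent_pid": 988,
     "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Program Files\Java\jre\bin\java.exe"},
    {"host": "PC-03", "parent_pid": 2210,
     "parent_image": r"C:\Users\lee\Downloads\tool-setup.exe",
     "image": r"C:\Users\lee\Downloads\atom.exe"},
]

def is_suspect(image):
    """True for a reported file name running from a user-writable path."""
    path = image.lower()
    return basename(path) in SUSPECT_NAMES and any(d in path for d in USER_WRITABLE)

def find_bundled_droppers(events):
    """Map (host, parent_pid, parent_image) to its suspect child names, keeping
    only parents that started every name in SUSPECT_NAMES."""
    children = defaultdict(set)
    for ev in events:
        if is_suspect(ev["image"]):
            key = (ev["host"], ev["parent_pid"], ev["parent_image"])
            children[key].add(basename(ev["image"].lower()))
    return {k: sorted(v) for k, v in children.items() if v == SUSPECT_NAMES}

if __name__ == "__main__":
    for (host, pid, parent), names in find_bundled_droppers(SAMPLE_EVENTS).items():
        print(f"{host}: {parent} (pid {pid}) started {', '.join(names)}")
```

A parent that starts only one of the two names, like the PC-03 event, is not reported by this rule and would need separate triage.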

Protect Yourself From Trojanized Installers

Because trojanized installers are in circulation, users must exercise caution to protect themselves.

The following precautions must be considered:

  • Verify the developer of any app before downloading it.
  • Only download apps from official websites or trusted app stores.
  • Utilize antivirus software to protect your device from malware.
  • Stay updated with the latest security patches and updates for your operating system and applications.
