Stealthy Crypto Malware Found in Popular Super Mario Game – Here’s the Latest

Andrew Throuvalas

Hackers are using a resurgence in popularity around the Super Mario Bros. franchise to sneak stealthy crypto malware onto unsuspecting gamers’ personal computers.

As reported by Cyble Research & Intelligence Labs on Friday, a legitimate installer for the fan-made game “Super Mario 3: Mario Forever” secretly includes “an XMR miner, SupremeBot mining client, and the Open-source Umbral stealer,” on top of the actual game.

“The social engineering tactics that TAs use exploit users’ trust and entice them to download and run malicious game installers,” wrote Cyble. “The large file size and games’ complexity provide TAs opportunities to hide malware within them.”

Mario Forever is a 2004 sidescroller featuring dozens of free levels that emulate the feeling of main-series Mario games. It’s been downloaded at least 17 million times, according to a CNET downloads listing for the game.

The first program within the malicious installer – a Monero (XMR) miner – can be especially effective when infecting gamers’ PCs, since their powerful computer hardware is exactly what’s needed to mine several popular cryptocurrencies. Hackers can exploit such energy-intensive resources to produce crypto in blockchain addresses that they control, all at their victims’ expense.

XMR in particular is designed as a privacy coin, meaning its transactions aren’t easily tracked on the blockchain like Bitcoin (BTC) or Ethereum (ETH). Many exchanges have banned XMR at regulators’ orders to prevent criminals from using those coins for laundering money or cashing out proceeds.

Stealing Gamers’ Wallet Information

Meanwhile, Cyble describes the accompanying Umbral Stealer as a “lightweight and efficient information stealer” that can take private information including passwords, webcam images, and even crypto wallet info. The app targets wallets for networks including Ethereum, ZCash, and Bytecoin, and specifically searches for Atomic Wallet, which was already hacked for $35 million earlier this month.

Hackers stealing sensitive information may demand ransom from their victims, for which crypto has become an especially popular tool over time. Unlike wire transfers, crypto transactions are irreversible and often better at protecting a hacker’s identity. 

Though an old game, Mario Forever has a long-running legacy as a fan-made game based on the iconic plumber. The franchise received a fresh resurgence in popularity after the release of The Super Mario Bros. Movie this year, which has since become the second-largest animated box office hit of all time, worldwide.