A popular fan-made Super Mario Bros game has been laced with malware that installs a cryptocurrency miner and steals a host of security information, ranging from the details of your crypto wallet to browser passwords.
The game Super Mario Forever was created in 2004 as a fan-made reimagining of Nintendo’s Super Mario series. Launched on the PC through Softendo, it featured new levels, characters, and power-ups that attracted fans of the series.
However, in the late 2010s, researchers began to cover how Super Mario Forever had become a mess of viruses. Now, researchers from Cyble Research and Intelligence Labs say the game is trojanized and equipped to infect your computer with crypto malware.
According to Cyble, “The malware files were found bundled with a legitimate installer file of super-mario-forever-v702e.”
Once Super Mario Forever is installed and running, two viruses are also installed. First, the file ‘java.exe’ is executed and starts to secretly run a Monero crypto miner and connect to a crypto mining server.
Then another file called ‘atom.exe’ is executed and starts to manage the crypto mining process. This file retrieves a “malicious information-stealing executable” known as ‘wime.exe.’ From here, Umbral Stealer, an open-source GitHub project that can steal personal and security information, is downloaded.
If used correctly, Umbral Stealer can obtain a victim’s browser passwords and cookies, capture webcam images, retrieve Telegram session files and Discord tokens, collect crypto wallet data, and retrieve Roblox cookies and Minecraft session files.
Targeted crypto wallets include Ethereum, Zcash, Atomic Wallet, Bytecoin, Exodus, Electrum, Guarda, Coinomi, Jaxx, and Armory.
Avoiding crypto malware
To avoid this type of malware, Cyble recommends that system performance and CPU checks should be made periodically and that security policies should be updated to prohibit “downloading and installing crypto mining software on end-user systems.”
Don’t download pirated software from torrent sites, turn on automatic updates, use antivirus software, and learn to recognize untrustworthy links and phishing attacks.
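For defenders who collect process-creation telemetry, the chain described above can be hunted for directly. The following is an added example, not code from Cyble or the article: it flags the three file names the report mentions only when they descend from the named installer. The record layout, the paths, the `.exe` extension on the installer and the parent-child relationships are constructed assumptions.

```python
import ntpath

# File names taken from the article; everything else here is constructed.
INSTALLER_STEM = "super-mario-forever-v702e"
DROPPED = {"java.exe", "atom.exe", "wime.exe"}

# Constructed process-creation records (pid, parent pid, image path).
# Assumption: the installer is the parent of java.exe and atom.exe.
SAMPLE_EVENTS = [
    {"pid": 100, "ppid": 1, "image": r"C:\Windows\explorer.exe"},
    {"pid": 200, "ppid": 100, "image": r"C:\Users\demo\Downloads\super-mario-forever-v702e.exe"},
    {"pid": 210, "ppid": 200, "image": r"C:\Users\demo\Example\java.exe"},
    {"pid": 220, "ppid": 200, "image": r"C:\Users\demo\Example\atom.exe"},
    {"pid": 230, "ppid": 220, "image": r"C:\Users\demo\Example\wime.exe"},
    # Benign control: a Java runtime started by the user, not by the installer.
    {"pid": 300, "ppid": 100, "image": r"C:\Program Files\Java\bin\java.exe"},
]

def basename(image):
    """Lower-cased Windows file name, parsed correctly on any host OS."""
    return ntpath.basename(image).lower()

def ancestors(pid, by_pid):
    """Yield the parent chain of pid, stopping on unknown parents or loops."""
    seen = set()
    ppid = by_pid[pid]["ppid"]
    while ppid in by_pid and ppid not in seen:
        seen.add(ppid)
        yield by_pid[ppid]
        ppid = by_pid[ppid]["ppid"]

def hunt(events):
    """Return (pid, name, chain) for named files descended from the installer."""
    by_pid = {e["pid"]: e for e in events}
    findings = []
    for e in events:
        name = basename(e["image"])
        if name not in DROPPED:
            continue
        chain = [basename(a["image"]) for a in ancestors(e["pid"], by_pid)]
        if any(c.startswith(INSTALLER_STEM) for c in chain):
            findings.append((e["pid"], name, chain))
    return findings

if __name__ == "__main__":
    for pid, name, chain in hunt(SAMPLE_EVENTS):
        print(f"pid {pid}: {name} <- {' <- '.join(chain)}")
```

Matching on ancestry rather than file name alone keeps a legitimate `java.exe` from being flagged, which matters because the miner borrows a common name.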
Cyble said, “This coin-miner malware campaign leverages the Super Mario Forever game to target gamers and individuals utilizing high-performance computing machines for gaming purposes.”
“Furthermore, the malware also deploys a stealer component to illicitly acquire sensitive information from the victims’ systems, aiming to generate additional financial profits,” the firm said.
“The combination of mining and stealing activities leads to financial losses, a substantial decline in the victim’s system performance, and the depletion of valuable system resources.”