Mamma mia! Crypto malware hidden in Super Mario game

A popular fan-made Super Mario Bros game has been laced with malware programmed to install a cryptocurrency miner alongside stealing a host of security information — ranging from the details of your crypto wallet to browser passwords.

The game Super Mario Forever was created in 2004 as a fan-made reimagining of Nintendo’s Super Mario series. Launched on the PC through Softendo, it featured new levels, characters, and power-ups that attracted fans of the series. 

However, in the late 2010s, researchers began to cover how Super Mario Forever had become a mess of viruses. Now, researchers from Cyble Research and Intelligence Labs say the game is trojanized and equipped to infect your computer with crypto malware.

According to Cyble, “The malware files were found bundled with a legitimate installer file of super-mario-forever-v702e.”

Once Super Mario Forever is installed and running, two viruses are also installed. First, the file ‘java.exe’ is executed and starts to secretly run a Monero crypto miner and connect to a crypto mining server. 

Then another file called ‘atom.exe’ is executed and starts to manage the crypto mining process. This file retrieves a “malicious information-stealing executable” known as ‘wime.exe.’ From here, Umbral Stealer, an open-source project hosted on GitHub that can steal personal and security information, is downloaded.
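The execution chain described above can be checked for in process-creation logs by correlating the three file names with the installer on the same host. This is an added example, not code from Cyble or from the original article; only the file names come from the article, while the event tuple format, hosts, paths, timestamps and the 30-minute window are constructed assumptions.

```python
from datetime import datetime, timedelta

# File names come from the article. java.exe is also a legitimate name, so
# a match only counts when it follows the trojanized installer on one host.
INSTALLER_HINT = "super-mario-forever-v702e"
DROPPED = {"java.exe", "atom.exe", "wime.exe"}
WINDOW = timedelta(minutes=30)  # assumed correlation window

# Constructed process-creation events: (host, ISO timestamp, image path).
SAMPLE_EVENTS = [
    ("pc-01", "2023-06-26T10:00:00", r"C:\Users\a\Downloads\super-mario-forever-v702e.exe"),
    ("pc-01", "2023-06-26T10:00:05", r"C:\Users\a\AppData\Roaming\java.exe"),
    ("pc-01", "2023-06-26T10:00:07", r"C:\Users\a\AppData\Roaming\atom.exe"),
    ("pc-01", "2023-06-26T10:01:30", r"C:\Users\a\AppData\Local\Temp\wime.exe"),
    ("pc-02", "2023-06-26T09:00:00", r"C:\Program Files\Java\jre\bin\java.exe"),
    ("pc-03", "2023-06-26T11:00:00", r"D:\games\Super-Mario-Forever-v702e.exe"),
    ("pc-03", "2023-06-26T11:00:10", r"C:\Users\b\AppData\Roaming\java.exe"),
    ("pc-03", "2023-06-26T14:00:00", r"C:\Users\b\AppData\Roaming\atom.exe"),
]


def basename(path):
    """Lower-cased file name of a Windows (or POSIX) path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def correlate(events, window=WINDOW):
    """Map host -> dropped names seen within `window` after the installer ran."""
    installs, hits = {}, {}
    parsed = sorted((datetime.fromisoformat(ts), host, basename(img))
                    for host, ts, img in events)
    for when, host, name in parsed:
        if INSTALLER_HINT in name:
            installs.setdefault(host, []).append(when)
        elif name in DROPPED and any(
                timedelta(0) <= when - t <= window for t in installs.get(host, [])):
            hits.setdefault(host, set()).add(name)
    return {host: sorted(names) for host, names in hits.items()}


def triage(events, window=WINDOW):
    """'high' when all three names follow the installer, 'review' if only some do."""
    return {host: "high" if set(names) == DROPPED else "review"
            for host, names in correlate(events, window).items()}


if __name__ == "__main__":
    print(triage(SAMPLE_EVENTS))
```

A lone `java.exe` from a normal Java install (pc-02 in the sample) is not flagged, which is why the check keys on the installer rather than on file names alone.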

The Super Mario Forever start screen (via Cyble).

If used correctly, Umbral Stealer can obtain a victim’s browser passwords and cookies, capture webcam images, retrieve Telegram session files and Discord tokens, collect crypto wallet data, and retrieve Roblox cookies and Minecraft session files. 

Targeted crypto wallets include Ethereum, Zcash, Atomic Wallet, Bytecoin, Exodus, Electrum, Guarda, Coinomi, Jaxx, and Armory.

Avoiding crypto malware

To avoid this type of malware, Cyble recommends checking system performance and CPU usage periodically and updating security policies to prohibit “downloading and installing crypto mining software on end-user systems.”

Don’t download pirated software from torrent sites, turn on automatic updates, use antivirus software, and learn to recognize untrustworthy links and phishing attacks. 

Cyble said, “This coin-miner malware campaign leverages the Super Mario Forever game to target gamers and individuals utilizing high-performance computing machines for gaming purposes.”

A look at how the crypto malware works (via Cyble).

“Furthermore, the malware also deploys a stealer component to illicitly acquire sensitive information from the victims’ systems, aiming to generate additional financial profits,” the firm said.

“The combination of mining and stealing activities leads to financial losses, a substantial decline in the victim’s system performance, and the depletion of valuable system resources.”
