Super Mario game used to spread malware

A Trojanized installer for the Nintendo fan game is spreading crypto mining malware


A Trojanized installer for the popular Nintendo fan game Super Mario Forever has been used to spread malware.

This discovery was made by cyber security company Cyble. Cyble’s researchers found that malicious actors were spreading a Monero (XMR) miner, a SupremeBot mining client and an open-source Umbral stealer, all bundled with a legitimate installer for Super Mario Forever.

Once the installer has run successfully and the game is launched, the bundle secretly executes its malware files on the infected device. The XMR miner uses the infected device to mine the cryptocurrency Monero. It runs discreetly among the device’s background processes, so the unauthorized mining is hidden from the victim.
 
The XMR miner also harvests data from the victim’s computer, including the computer name, username, graphics processing unit and central processing unit, and transfers it to a command and control center.

The SupremeBot mining client executes processes on the infected device to retrieve malicious data-stealing software from a command and control center and execute it on the device. This then loads the Umbral stealer into the device’s process memory. The Umbral stealer rapidly collects data from the device and sends it, using webhooks on the instant messaging platform Discord, to the malicious actor who uploaded the Trojanized software.
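The webhook exfiltration described above leaves a recognisable network trace: an HTTP POST to a Discord webhook endpoint from a process that has no reason to talk to Discord. The following detection sketch is an added example, not code from Cyble or from this article; the log format, host names, process names and the allowlist of expected processes are all assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Hosts serving the Discord webhook API (current and legacy domains).
DISCORD_HOSTS = {"discord.com", "discordapp.com", "ptb.discord.com", "canary.discord.com"}
# Webhook execute path: /api/webhooks/<id>/<token>, optionally versioned (/api/v10/...).
WEBHOOK_PATH = re.compile(r"^/api/(?:v\d+/)?webhooks/\d+/[\w-]+")
# Assumption: the only processes expected to reach Discord in this environment.
EXPECTED_PROCESSES = {"discord.exe", "chrome.exe", "msedge.exe", "firefox.exe"}

# Constructed sample log, one event per line: timestamp host process method url
SAMPLE_LOG = [
    "2023-06-28T10:01:02Z WS-014 Discord.exe POST https://discord.com/api/v10/channels/111/messages",
    "2023-06-28T10:03:40Z WS-014 chrome.exe GET https://discord.com/api/webhooks/123456789012345678/CONSTRUCTED-TOKEN",
    "2023-06-28T10:05:11Z WS-014 unknown_helper.exe POST https://discord.com/api/webhooks/123456789012345678/CONSTRUCTED-TOKEN",
    "2023-06-28T10:05:12Z WS-022 svc_update.exe POST https://discordapp.com/api/v10/webhooks/987654321098765432/CONSTRUCTED-TOKEN-2",
    "2023-06-28T10:06:00Z WS-022 unknown_helper.exe POST https://discord.com.example.net/api/webhooks/1/x",
    "malformed line",
]

def parse_line(line):
    """Split one constructed log line into fields; return None if malformed."""
    parts = line.split()
    if len(parts) != 5:
        return None
    return dict(zip(("ts", "host", "process", "method", "url"), parts))

def is_webhook_post(event):
    """True for an HTTP POST to a webhook endpoint on a genuine Discord host."""
    url = urlsplit(event["url"])
    return (event["method"].upper() == "POST"
            and (url.hostname or "").lower() in DISCORD_HOSTS
            and WEBHOOK_PATH.match(url.path) is not None)

def find_suspicious(lines):
    """Return webhook POSTs made by processes outside the expected set."""
    alerts = []
    for line in lines:
        event = parse_line(line)
        if event and is_webhook_post(event) and event["process"].lower() not in EXPECTED_PROCESSES:
            # The webhook token is a credential: redact it before the alert is stored.
            event["url"] = re.sub(r"(/webhooks/\d+/)[\w-]+", r"\1<redacted>", event["url"])
            alerts.append(event)
    return alerts

if __name__ == "__main__":
    for alert in find_suspicious(SAMPLE_LOG):
        print(alert["ts"], alert["host"], alert["process"], alert["url"])
```

The allowlist is the weak point of this check: a stealer injected into a browser or the Discord client would pass it, so on workstations it is reasonable to review every webhook POST rather than only those from unexpected processes.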

Cyble noted that the Umbral stealer can execute the following processes:

  • Capturing screenshots  
  • Retrieving browser passwords and cookies  
  • Capturing webcam images  
  • Obtaining Telegram session files and Discord tokens  
  • Acquiring Roblox cookies and Minecraft session files  
  • Collecting files associated with cryptocurrency wallets.

Together, this malicious payload bundle can significantly impact victims, both monetarily, via stolen cryptocurrency or fraudulent bank transfers, and materially, through the impact crypto mining will have on their device. This is because crypto mining massively disrupts a system’s processes and depletes its resources.
