Mamma mia - this Super Mario Windows game was actually just installing malware

Cryptomining is clearly a focus of the threat actor, with XMR miner and SupremeBot mining client both witnessed by Cyble. The Umbral stealer has also been found lurking beneath the game installer.

Super Mario 3 installer spreading malware

Cyble explained how threat actors typically value games for their large size and complex nature, which makes hiding malware reasonably easy. In this instance, the malicious files were found bundled with a legitimate installer file of super-mario-forever-v702e.

In particular, Cyble says that cryptomining attacks are often seen targeting gaming devices because gamers typically run powerful hardware to keep up with demanding graphics and processing requirements, thus they are well suited to mining.

Attackers have honed in on the Super Mario franchise for its unmeasurable popularity, which since the 1980s has grown to include a variety of demographics. Its resurgence in recent years has made it a great host for malware attacks.

As well as the pair of cryptomining executables, including a Monero miner, victims are also targeted by a stealer that trawls data from the infected Windows device, including browser data, crypto wallets, and account credentials.

What’s worse, the stealer is designed to impair the communication of many antivirus tools and even evades Windows Defender detection.

As threat actors become increasingly savvy about malware distribution, consumers are being warned to exercise care and diligence when it comes to downloading or accessing online content. Downloading clients from the authorized seller or partner is vital, but those who suspect they may be the victim of an attack should run malware removal tools in an effort to iron out potential threats.

• Stop some attacks before they even happen with the best endpoint protection software