New cybersecurity research has uncovered a trojanised Windows installer for Super Mario 3: Mario Forever. According to the reports, the attackers repackaged the game as a self-extracting archive executable that bundles the legitimate installer together with additional payloads.
Researchers said the actors advertised the trojanised game on multiple channels, including social media groups, gaming forums, and malicious advertisements.
The malicious installer contains three executable files. The first installs the actual Mario game; the other two are dropped silently into the victim's AppData directory while the game is being installed.
The installer then runs the dropped executables from disk: one starts a Monero (XMR) mining operation, and the other launches the SupremeBot mining client. SupremeBot in turn retrieves a further payload, another executable, from the command-and-control server.
That payload turns out to be Umbral Stealer, an infostealer designed to harvest data from the infected Windows device.
Researchers explained that Umbral Stealer can exfiltrate web browser data, cryptocurrency wallets, and authentication tokens and credentials for popular platforms such as Roblox, Telegram, Minecraft, and Discord.
It can also capture screenshots of the Windows desktop and record media from connected webcams. The stealer further employs tactics to evade Windows Defender: if tamper protection is disabled, it switches Windows Defender off outright.
If tamper protection is enabled, it instead adds its own process to Windows Defender's exclusion list, so Defender no longer scans it.
Lastly, it modifies the Windows hosts file to block communication between widely used AV products and their vendors' websites, cutting them off from updates and cloud lookups.
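The three evasion tactics above (Defender disabled, an exclusion added, hosts file poisoned) are each visible from the host itself. The following PowerShell audit is an added example written for this page; it is not code from the original article or from the researchers, and it only uses standard Defender cmdlets (Get-MpComputerStatus, Get-MpPreference) plus a read of the hosts file. The list of AV vendor name fragments and the seven-day window for recently written AppData executables are assumptions chosen for the example, not indicators from the report.

```powershell
# Added example (not from the original article or the cited research): audit a Windows host
# for the Defender-evasion tactics described above and for freshly dropped executables in
# AppData. Run from an elevated PowerShell session; exclusion lists returned by
# Get-MpPreference are only fully visible to administrators.
function Get-DefenderEvasionIndicators {
    [CmdletBinding()]
    param(
        [string]$HostsPath = "$env:SystemRoot\System32\drivers\etc\hosts",
        # Look-back window for new .exe files under AppData (assumed value for the example).
        [int]$RecentDays = 7,
        # Name fragments that identify AV vendor domains in hosts entries (assumed sample list).
        [string[]]$AvDomainHints = @('microsoft', 'avast', 'avg', 'bitdefender', 'kaspersky',
                                     'malwarebytes', 'eset', 'sophos', 'mcafee', 'norton')
    )

    $findings = New-Object System.Collections.Generic.List[object]
    function Add-Finding([string]$Category, [string]$Detail) {
        $findings.Add([pscustomobject]@{ Category = $Category; Detail = $Detail })
    }

    # 1. Is Defender actually running, and is tamper protection on? The stealer tries to turn
    #    real-time protection off outright when tamper protection is disabled.
    $status = Get-MpComputerStatus
    if (-not $status.IsTamperProtected)         { Add-Finding 'TamperProtection' 'Tamper protection is OFF' }
    if (-not $status.RealTimeProtectionEnabled) { Add-Finding 'DefenderDisabled' 'Real-time protection is OFF' }
    if (-not $status.AntivirusEnabled)          { Add-Finding 'DefenderDisabled' 'Antivirus engine is OFF' }

    # 2. Exclusions: the fallback when tamper protection blocks a shutdown. Any path under a
    #    user profile (AppData, Temp) or a bare process name deserves a second look.
    $pref = Get-MpPreference
    foreach ($p in @($pref.ExclusionPath))      { if ($p) { Add-Finding 'Exclusion' "Path: $p" } }
    foreach ($p in @($pref.ExclusionProcess))   { if ($p) { Add-Finding 'Exclusion' "Process: $p" } }
    foreach ($e in @($pref.ExclusionExtension)) { if ($e) { Add-Finding 'Exclusion' "Extension: $e" } }
    if ($pref.DisableRealtimeMonitoring) { Add-Finding 'DefenderDisabled' 'DisableRealtimeMonitoring preference is set' }

    # 3. hosts file: entries that point AV vendor names at loopback or some other bogus address.
    if (Test-Path $HostsPath) {
        Get-Content $HostsPath | ForEach-Object {
            $line = ($_ -split '#')[0].Trim()     # strip comments and surrounding whitespace
            if (-not $line) { return }            # blank or comment-only line
            $parts = $line -split '\s+'
            if ($parts.Count -lt 2) { return }    # malformed line, nothing to check
            $addr  = $parts[0]
            foreach ($name in $parts[1..($parts.Count - 1)]) {
                foreach ($hint in $AvDomainHints) {
                    if ($name -like "*$hint*") { Add-Finding 'HostsFile' "$addr -> $name"; break }
                }
            }
        }
    }

    # 4. Recently written executables under AppData, where the two extra binaries were dropped.
    #    Noisy on busy machines (self-updating apps live here too), so triage the list by hand.
    $since = (Get-Date).AddDays(-$RecentDays)
    Get-ChildItem -Path $env:APPDATA, $env:LOCALAPPDATA -Recurse -Filter *.exe -ErrorAction SilentlyContinue |
        Where-Object { $_.LastWriteTime -gt $since } |
        ForEach-Object { Add-Finding 'RecentAppDataExe' $_.FullName }

    return $findings
}

# Usage: print the findings, or confirm the host looks clean.
$indicators = @(Get-DefenderEvasionIndicators)
if ($indicators.Count -eq 0) {
    'No Defender-evasion indicators found.'
} else {
    $indicators | Format-Table -AutoSize
}
```

A single exclusion or hosts entry is not proof of compromise on its own; the value of the script is that it puts the three tactics side by side, so a Defender exclusion pointing into AppData together with a fresh executable there and a vendor domain routed to 127.0.0.1 stands out as the pattern described above rather than as three unrelated oddities.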
The gaming community's large user base has long attracted threat actors, who continually look for ways to abuse games as a distribution channel for malware. Researchers noted that the attackers chose Super Mario 3 to reach high-end devices: the game's graphics requirements imply owners who can afford capable hardware, and such machines are also attractive hosts for cryptomining.
Gamers should regularly check their system performance and CPU usage for unexplained load, download games only from official sources rather than from forum links or advertisements, and practise basic cybersecurity hygiene to stay safe from attacks like this one.