A trojanized installer for the popular Super Mario 3: Mario Forever game for Windows has been discovered, posing a serious risk to unwary players. This modified version of the game installer, which was distributed through unknown channels, contains a number of malware infections that can jeopardize the security and privacy of affected systems.
How did Windows malware infect the Super Mario game?
Mario Forever is a free-to-play remake of the classic Nintendo game, created by Buziol Games. It was released in 2003 for use on Windows. The game quickly became popular, with millions of users downloading it to their devices.
Users unknowingly introduce multiple malicious payloads onto their systems when they run the trojanized installer. The installer extracts three executables: the legitimate Super Mario 3: Mario Forever game installer and two additional files called “java.exe” and “atom.exe.”
The “java.exe” file functions as a Monero (XMR) cryptocurrency miner, mining Monero coins using the victim’s hardware resources. It connects to a mining server at “gulf[.]moneroocean[.]stream” and begins stealing money from the victim’s system.
“atom.exe”, on the other hand, installs SupremeBot, a stealthy mining client. To avoid detection, this malware creates a hidden duplicate of itself within the game’s installation directory. It also creates a scheduled task that runs the duplicate every 15 minutes while masquerading as a legitimate process name.
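A triage check for the persistence described above, as an added example that is not from the original article: it reads a scheduled task definition exported with `schtasks /query /xml` and flags tasks that repeat every 15 minutes and launch an executable outside the Windows directory. The sample task, its path, the trusted-directory list and the process-name list are constructed assumptions, not indicators from the report.

```python
import ntpath
import xml.etree.ElementTree as ET

# Namespace used by Task Scheduler XML exports.
NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
# Assumption: binaries of genuine system tasks live under this directory.
TRUSTED_PREFIXES = ("c:\\windows\\",)
# Assumption: a few Windows process names that malware commonly borrows.
WINDOWS_NAMES = {"svchost.exe", "explorer.exe", "lsass.exe", "services.exe"}

# Constructed sample task; the path and file name are hypothetical.
SAMPLE = r"""<Task xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers><TimeTrigger>
    <Repetition><Interval>PT15M</Interval></Repetition>
  </TimeTrigger></Triggers>
  <Settings><Hidden>true</Hidden></Settings>
  <Actions><Exec>
    <Command>"C:\Games\ExampleGame\svchost.exe"</Command>
  </Exec></Actions>
</Task>"""

def triage_task(xml_text, interval="PT15M"):
    """Return one finding per suspicious action in an exported task definition."""
    root = ET.fromstring(xml_text)
    intervals = [e.text.strip()
                 for e in root.iterfind(".//t:Repetition/t:Interval", NS) if e.text]
    commands = [e.text.strip().strip('"')
                for e in root.iterfind(".//t:Exec/t:Command", NS) if e.text]
    hidden = root.findtext(".//t:Settings/t:Hidden", "false", NS).strip().lower() == "true"
    findings = []
    if interval not in intervals:
        return findings  # task does not repeat at the interval of interest
    for cmd in commands:
        if cmd.lower().startswith(TRUSTED_PREFIXES):
            continue  # binary sits where system tasks normally point
        findings.append({
            "command": cmd,
            "interval": interval,
            "hidden_task": hidden,
            # A system process name used outside the Windows directory
            "masquerade": ntpath.basename(cmd).lower() in WINDOWS_NAMES,
        })
    return findings

if __name__ == "__main__":
    for finding in triage_task(SAMPLE):
        print(finding)
```

A finding is a lead for manual review, since legitimate third-party updaters also register short-interval tasks outside the Windows directory.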
The trojanized Super Mario game installer does more than just mine cryptocurrency. It also employs Umbral Stealer, an open-source information stealer. This advanced malware can steal sensitive data from infected Windows devices.
Recommendation
If you’ve downloaded Super Mario 3: Mario Forever, you should check your computer for possible malware infection. If malware is detected, you should take steps to remove it from the device. Furthermore, since Umbral Stealer steals information, you will need to reset your passwords for important services and sites. Remember to use a strong, unique password for each service.