Gandalf_The_Grey
A trojanized installer for the popular Super Mario 3: Mario Forever game for Windows has been infecting unsuspecting players with multiple malware infections.
Super Mario 3: Mario Forever is a free-to-play remake of the classic Nintendo game developed by Buziol Games and released for the Windows platform in 2003.
The game became very popular, downloaded by millions, who praised it for featuring all the mechanics of the classic Mario series but with updated graphics and modernized styling and sound.
Development of the game continued for another decade, releasing multiple subsequent versions that brought bug fixes and improvements. Today, it remains a post-modern classic.
Researchers from Cyble discovered that threat actors are distributing a modified sample of the Super Mario 3: Mario Forever installer, distributed as a self-extracting archive executable through unknown channels.
The trojanized game is likely promoted on gaming forums, social media groups, or pushed to users via malvertizing, Black SEO, etc.
The archive contains three executables, one that installs the legitimate Mario game ("super-mario-forever-v702e.exe") and two others, "java.exe" and "atom.exe," that are discreetly installed onto the victim's AppData directory during the game's installation.
Once the malicious executables are on the disk, the installer executes them to run an XMR (Monero) miner and a SupremeBot mining client.
Trojanized Super Mario game used to install Windows malware
A trojanized installer for a popular Super Mario Bros game has been infecting unsuspecting players with multiple Windows malware families.
www.bleepingcomputer.com
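A detection sketch for the behaviour the article describes, added here as an example and not part of the original post or of Cyble's report: it flags a parent process that launched "super-mario-forever-v702e.exe" and also launched "java.exe" or "atom.exe" from an AppData path. The event field names, the parent name `setup-sample.exe` and every path are constructed assumptions; only the three file names come from the article.

```python
import ntpath
from collections import defaultdict

GAME_INSTALLER = "super-mario-forever-v702e.exe"  # named in the article
DROPPED_NAMES = {"java.exe", "atom.exe"}          # named in the article

# Constructed process-creation events; field names and all paths are assumptions.
EVENTS = [
    {"parent_id": "P1", "parent_image": r"C:\Users\kid\Downloads\setup-sample.exe",
     "image": r"C:\Users\kid\AppData\Local\Temp\super-mario-forever-v702e.exe"},
    {"parent_id": "P1", "parent_image": r"C:\Users\kid\Downloads\setup-sample.exe",
     "image": r"C:\Users\kid\AppData\Roaming\java.exe"},
    {"parent_id": "P1", "parent_image": r"C:\Users\kid\Downloads\setup-sample.exe",
     "image": r"C:\Users\kid\AppData\Roaming\atom.exe"},
    # Benign look-alikes that a name-only rule would flag:
    {"parent_id": "P2", "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Users\dev\AppData\Local\atom\atom.exe"},
    {"parent_id": "P3", "parent_image": r"C:\Windows\System32\cmd.exe",
     "image": r"C:\Program Files\Java\jre\bin\java.exe"},
]

def in_appdata(path):
    """True if any directory component of a Windows path is AppData."""
    parts = ntpath.normpath(path).lower().split("\\")
    return "appdata" in parts[:-1]

def find_trojanized_installs(events):
    """Return parents that ran the game installer and an AppData-resident drop."""
    by_parent = defaultdict(list)
    for ev in events:
        by_parent[(ev["parent_id"], ev["parent_image"])].append(ev["image"])
    findings = []
    for (_, parent_image), images in by_parent.items():
        names = {ntpath.basename(i).lower() for i in images}
        dropped = sorted(i for i in images
                         if ntpath.basename(i).lower() in DROPPED_NAMES and in_appdata(i))
        # Require both signals: file names alone collide with legitimate software.
        if GAME_INSTALLER in names and dropped:
            findings.append({"parent": parent_image, "dropped": dropped})
    return findings

if __name__ == "__main__":
    for hit in find_trojanized_installs(EVENTS):
        print(hit["parent"], "->", hit["dropped"])
```

Correlating on the shared parent keeps the rule from firing on a genuine Java runtime or a per-user application that happens to use one of these file names.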