Trojanized Super Mario game used to install Windows malware


Level 76
Apr 24, 2016
A trojanized installer for the popular Super Mario 3: Mario Forever game for Windows has been infecting unsuspecting players with multiple malware infections.

Super Mario 3: Mario Forever is a free-to-play remake of the classic Nintendo game developed by Buziol Games and released for the Windows platform in 2003.

The game became very popular, downloaded by millions, who praised it for featuring all the mechanics of the classic Mario series but with updated graphics and modernized styling and sound.

Development of the game continued for another decade, releasing multiple subsequent versions that brought bug fixes and improvements. Today, it remains a post-modern classic.

Researchers from Cyble discovered that threat actors are distributing a modified sample of the Super Mario 3: Mario Forever installer, distributed as a self-extracting archive executable through unknown channels.

The trojanized game is likely promoted on gaming forums, social media groups, or pushed to users via malvertising, Black SEO, etc.

The archive contains three executables, one that installs the legitimate Mario game ("super-mario-forever-v702e.exe") and two others, "java.exe" and "atom.exe," that are discreetly installed onto the victim's AppData directory during the game's installation.

Once the malicious executables are on the disk, the installer executes them to run an XMR (Monero) miner and a SupremeBot mining client.
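
A triage sketch for the two payload names and the AppData location given in the post above, added here as an example and not part of the original thread or of Cyble's report. It groups matching process images by user profile and treats a profile holding both names as a stronger lead than one name alone; the `image` field name and the sample records are constructed assumptions.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

# File names the post attributes to the trojanized installer's payloads.
PAYLOAD_NAMES = {"java.exe", "atom.exe"}

def appdata_owner(path):
    """Return the profile name if path lies under ...\\Users\\<name>\\AppData\\, else None."""
    parts = [p.lower() for p in path.parts]
    # Stop early enough that 'AppData' is a directory, never the file name itself.
    for i in range(len(parts) - 3):
        if parts[i] == "users" and parts[i + 2] == "appdata":
            return path.parts[i + 1]
    return None

def triage(events):
    """Map lower-cased profile name -> sorted image paths that match name and location.

    Each event is a dict with an 'image' key (hypothetical field name; map it
    from your own process-creation or file-inventory export).
    """
    hits = defaultdict(set)
    for ev in events:
        image = PureWindowsPath(ev["image"])  # accepts both \ and / separators
        owner = appdata_owner(image)
        if owner and image.name.lower() in PAYLOAD_NAMES:
            hits[owner.lower()].add(str(image))
    return {user: sorted(paths) for user, paths in hits.items()}

def both_payloads(paths):
    """True when a profile shows both names together, which is a stronger lead."""
    return {PureWindowsPath(p).name.lower() for p in paths} == PAYLOAD_NAMES

# Constructed sample records, not taken from any real host.
SAMPLE_EVENTS = [
    {"image": r"C:\Program Files\Java\jre-1.8\bin\java.exe"},  # normal JRE path
    {"image": r"C:\Users\alice\AppData\Roaming\java.exe"},
    {"image": "C:/Users/Alice/AppData/Roaming/ATOM.EXE"},
    {"image": r"C:\Users\bob\AppData\Local\atom\atom.exe"},    # Atom editor's usual home
]

if __name__ == "__main__":
    for user, paths in triage(SAMPLE_EVENTS).items():
        label = "both payload names" if both_payloads(paths) else "single name, verify"
        print(f"{user}: {label}")
        for p in paths:
            print(f"  {p}")
```

A name-and-folder match is only a lead: the Atom editor legitimately installs `atom.exe` under AppData, so confirm with a file hash or signature check before acting.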


Level 47
Mar 16, 2019
The info-stealer is capable of evading Windows Defender by disabling the program if tamper protection is not enabled. If not, it adds its process to the Defender's exclusion list.
Microsoft be like.....
