A trojanized installer for the popular Super Mario 3: Mario Forever game for Windows has been infecting unsuspecting players with multiple malware infections.
Super Mario 3: Mario Forever is a free-to-play remake of the classic Nintendo game developed by Buziol Games and released for the Windows platform in 2003.
The game became very popular, downloaded by millions, who praised it for featuring all the mechanics of the classic Mario series but with updated graphics and modernized styling and sound.
Development of the game continued for another decade, releasing multiple subsequent versions that brought bug fixes and improvements. Today, it remains a post-modern classic.
Researchers from
Cyble discovered that threat actors are distributing a modified sample of the Super Mario 3: Mario Forever installer, distributed as a self-extracting archive executable through unknown channels.
The trojanized game is likely promoted on gaming forums, social media groups, or pushed to users via malvertizing, Black SEO, etc.
The archive contains three executables, one that installs the legitimate Mario game ("super-mario-forever-v702e.exe") and two others, "java.exe" and "atom.exe," that are discreetly installed onto the victim's AppData directory during the game's installation.
Once the malicious executables are in the disk, the installer executes them to run an XMR (Monero) miner and a SupremeBot mining client.
