Mamma mia - this Super Mario Windows game was actually just installing malware

(Image credit: Nintendo)

Super Mario 3: Mario Forever, a legitimate game that represents a modernized spin on one of the all-time classics, is now the subject of an attack that is seeing malware spread to the Windows devices of excited players.

The news comes from Cyble Research and Intelligence Labs, which has identified a trojanized Super Mario Bros game installer that’s spreading malware.

Cryptomining is clearly a focus of the threat actor, with XMR miner and SupremeBot mining client both witnessed by Cyble. The Umbral stealer has also been found lurking beneath the game installer.

Super Mario 3 installer spreading malware

Cyble explained how threat actors typically value games for their large size and complex nature, which makes hiding malware reasonably easy. In this instance, the malicious files were found bundled with a legitimate installer file of super-mario-forever-v702e.

In particular, Cyble says that cryptomining attacks are often seen targeting gaming devices because gamers typically run powerful hardware to keep up with demanding graphics and processing requirements, thus they are well suited to mining.

Attackers have honed in on the Super Mario franchise for its unmeasurable popularity, which since the 1980s has grown to include a variety of demographics. Its resurgence in recent years has made it a great host for malware attacks.

As well as the pair of cryptomining executables, including a Monero miner, victims are also targeted by a stealer that trawls data from the infected Windows device, including browser data, crypto wallets, and account credentials.

What’s worse, the stealer is designed to impair the communication of many antivirus tools and even evades Windows Defender detection.

As threat actors become increasingly savvy about malware distribution, consumers are being warned to exercise care and diligence when it comes to downloading or accessing online content. Downloading clients from the authorized seller or partner is vital, but those who suspect they may be the victim of an attack should run malware removal tools in an effort to iron out potential threats.

Craig Hale

With several years’ experience freelancing in tech and automotive circles, Craig’s specific interests lie in technology that is designed to better our lives, including AI and ML, productivity aids, and smart fitness. He is also passionate about cars and the decarbonisation of personal transportation. As an avid bargain-hunter, you can be sure that any deal Craig finds is top value!