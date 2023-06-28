

We’ve already talked here at TC about various online scam strategies that use major pop culture franchises to lure victims, but this week a new scam has surfaced on the internet, and it’s based on one of Nintendo’s most iconic franchises. Following the resounding success of the animated Super Mario Bros. movie, the franchise is more popular than ever, and with that has come a new piece of malware circulating on the internet disguised as the plumber’s game.

The Cyble Research and Intelligence Laboratory (CRIL) identified a trojanized Super Mario Bros game installer that included several malicious components, including an XMR miner, the SupremeBot mining client, and the open-source Umbral Stealer. The malware files were found alongside a legitimate super-mario-forever-v702e installation file. The figure below illustrates the GUI of the Super Mario Forever game after a successful installation.





The image below shows the infection chain of the compromised installer of the Super Mario game that delivers the Umbral Stealer.





As we can see in the flowchart above, the infection happens the moment the “game” is installed, which downloads a series of secondary payloads to the host computer. These include a miner for the Monero cryptocurrency, whose proceeds are transferred to wallets under the control of the crooks. As for the Umbral Stealer malware, it steals data saved in the browser, such as passwords and access cookies, as well as digital wallets and authentication tokens. Apparently, the focus is on games like Minecraft and Roblox, as well as the Telegram and Discord services.



