A Trojan horse that takes over the PC is mixed in the fan-made version 'Super Mario' downloaded millions of times
by
A Trojan aimed at making the installer of the Windows game 'Super Mario 3: Mario Forever', which is a clone of Nintendo's 'Super Mario' series, illegally mine virtual currency and steal information such as bank accounts. Security firm Cyble reports that it has discovered a compromised version of the .
Cyble — Trojanized Super Mario Game Installer Spreads SupremeBot Malware
https://blog.cyble.com/2023/06/23/trojanized-super-mario-game-installer-spreads-supremebot-malware/
Trojanized Super Mario game used to install Windows malware
https://www.bleepingcomputer.com/news/security/trojanized-super-mario-game-used-to-install-windows-malware/
'Super Mario 3: Mario Forever' is a free game released in 2003 by an indie game studio called Buziol Games. According to Bleeping Computer, an IT news site, it has been well received for incorporating new graphics and music while inheriting the elements of the original Super Mario, and has been downloaded millions of times so far.
Researchers at security company Cyble reported on June 23, 2023 that a modified version of this `` Super Mario 3: Mario Forever '' installer was being distributed by threat actors.
The installer in question contains three executables, one of which is the legitimate game installation executable 'super-mario-forever-v702e.exe'. There is no abnormality in this game itself, so you can play normally by installing it.
However, 'java.exe' and 'atom.exe' are also unpacked at the same time as the installation and secretly executed as hidden files. Of the two, 'java.exe' is a tool for mining the cryptocurrency Monero, and 'atom.exe' connects the victim's device to
In addition, ``atom.exe'' downloads and executes a file ``wime.exe'' containing
'Umbral Stealer' has a variety of functions, such as screen screenshots, webcam captures, passwords and cookies stored in browsers, files related to virtual currency wallets, Telegram, Discord, Roblox, Minecraft user information, etc. Steal up to the root.
The main target browsers are Brave, Chrome, Chromium, Comodo, Edge, EpicPrivacy, Iridium, Opera, OperaGx, Slimjet, Ur, Vivaldi and Yandex.
“This coin miner malware campaign targets gamers and individuals using high-end PCs for gaming using Super Mario Forever,” Cyble said in a statement. The people they belong to are broad and interconnected, which makes them attractive targets for threat actors looking to exploit vulnerabilities to carry out a variety of malicious activities.” bottom.
Bleeping Computer also said, ``If you have recently downloaded this game, please scan your PC for malware and delete anything that is detected. Passwords on sensitive sites such as emails should be reset, and when downloading software such as games, it is important to get it from official sources, such as the official website of the game developer or a trusted distribution platform. I called.
Related Posts: