{"id":25857,"date":"2023-06-30T17:07:10","date_gmt":"2023-06-30T11:37:10","guid":{"rendered":"https:\/\/www.kaspersky.co.in\/blog\/mario-forever-malware-too\/25857\/"},"modified":"2023-06-30T17:07:10","modified_gmt":"2023-06-30T11:37:10","slug":"mario-forever-malware-too","status":"publish","type":"post","link":"https:\/\/www.kaspersky.co.in\/blog\/mario-forever-malware-too\/25857\/","title":{"rendered":"Mario Forever, malware too: a free game with a miner and Trojans inside"},"content":{"rendered":"

We often talk about the perils of downloading pirated versions of games, since they may harbor malware. But they aren\u2019t the only threat. Nasty surprises can pop up in free-to-play games, too, which is what happened just recently with Super Mario 3: Mario Forever<\/em>. But first things first\u2026<\/p>\n

Malware in free-to-play Super Mario 3: Mario Forever<\/strong><\/em><\/h2>\n

The Super Mario<\/em> series (aka Super Mario Bros.<\/em> or simply Mario<\/em>) is one of the best-loved gaming universes. In its 38 years of existence there\u2019ve been 24 original games in the main series alone, not to mention dozens of remakes and remasters. Besides that, there are seven spin-off series adding scores of games to the Mario<\/em> universe. That said, they do all have one thing in common: all of these games \u2014 save for the rarest of exceptions<\/a> \u2014 were officially released solely on Nintendo\u2019s own platforms.<\/p>\n

So what do you do if you want to play Mario<\/em> on your computer? You have to download either a PC port or a so-called fangame. Bear in mind, however, that neither option is official or available for download on Nintendo\u2019s own website.<\/p>\n

Therefore, the search can often lead down some dark corridors, where enterprising-yet-dodgy types might slip you something malicious instead of a game. Something like this just happened with the free game Super Mario 3: Mario Forever<\/em>, created by fans<\/a>. Experts found versions of the game that infected the victim\u2019s computer with several kinds of malware<\/a> all at once.<\/p>\n

What\u2019s inside the infected Mario Forever<\/strong><\/em><\/h2>\n

The attack chain is as follows: when the Mario Forever<\/em> distribution kit is launched, the game gets installed on the computer, together with the SupremeBot<\/em> mining client and a malicious Monero (XMR) miner. The mining client then installs another piece of malware on the computer \u2014 the Umbral<\/em> stealer.<\/p>\n

Umbral<\/em> earns its crust by stealing almost any information of value that it can find on the victim\u2019s machine: browser-stored credentials, cryptowallet keys, as well as session tokens \u2014 small files by which a site or online service remembers you so there\u2019s no need to keep logging in (a bit like cookies). Umbral<\/em> is particularly fond of hunting Discord<\/em>, Telegram<\/em>, Roblox<\/em> and Minecraft<\/em> tokens. Besides, the stealer can get webcam footage and screenshots from the infected computer. All in all, a particularly nasty piece of malware with wide-ranging functionality.<\/p>\n

The result is a Pandora\u2019s box of troubles for victims of the infected Super Mario 3: Mario Forever<\/em>. First, their computers become sluggish and consume more power than usual due to background mining. Second, they\u2019re at risk of account hijacking due to Umbral<\/em> stealing their passwords. Third, and worst of all: if any cryptowallet private keys are stored on the computer, this threatens direct financial loss.<\/p>\n

Gamer-attacking malware<\/h2>\n

In general, this problem is quite widespread. Pirated and free games from dubious sources are ideal territory for malicious miners. Gaming computers tend to be high-spec \u2014 especially the graphics card, which is what\u2019s needed for mining in the first place.<\/p>\n

This means they\u2019re far better suited to mining cryptocurrency behind the user\u2019s back than some boringly slow office machine. Detecting a hidden miner on your own is quite a hard job \u2014 one that requires a good antivirus.<\/p>\n

Incidentally, the above-mentioned Roblox<\/em> and Minecraft<\/em>, for which Umbral<\/em> likes to steal account session tokens, traditionally top the rankings of games most targeted by cybercriminals<\/a>: from phishers to malware spreaders. Most recently, we wrote about how the Fractureiser<\/em> stealer was distributed under the guise of Minecraft mods<\/a>.<\/p>\n

Protect yourself!<\/h2>\n

Finally, a few tips for gamers on how not to fall victim to cybercriminals:<\/p>\n