An old Super Mario fangame has been hijacked to distribute malware to unsuspecting fans. Users have discovered multiple infections.
Super Mario 3: Mario Forever is an old fangame that remade the classic NES game with an updated art style and some additional features. It was released in 2003 and saw development until 2013. The fangame still remains quite popular, despite its age.
Over a decade on from the release of its final version, it appears hackers have hijacked and are distributing a malware-laden version to unsuspecting players.
As reported by Bleeping Computer, the researchers over at Cyble found that the malware is shared via “social engineering tactics” and an “exploit” of “users’ trust”. The hackers have also hidden the malware amongst the games’ large files, so unsuspecting players don’t immediately notice it.
Once on the PC, Cyble states that the Trojan horse virus could be used for illicit earnings. This could be done by stealing vital information or being used to conduct a ransomware attack.
Super Mario 3: Mario Forever infected with virus
Inside the malware being shared is also other methods of making money off the infected user. This includes the following:
Subscribe to our newsletter for the latest updates on Esports, Gaming and more.
- XMR miner
- SupremeBot mining client
- An open-source umbral stealer
As you can see, the listed programs found within Mario Forever mostly include methods of utilizing the victim’s PC to mine for cryptocurrency. It also features an umbral stealer, which can allow the theft of passwords or other data hidden on the PC.
The main issue is that the virus-infested version of the game is being bundled with legitimate files. Any unsuspecting user could accidentally download the game and be none the wiser. Once they start the installation process, the malicious data is then installed onto the PC.
Further, the application requests administer access to launch, meaning it has full reign to do as it sees fit once installed.
Everything is “dropped” during the installation and dumped into the Roaming folder on Windows. This folder isn’t easy to get to for novice users of the OS either, leaving victims to rely on anti-virus software like Malware Bytes to rid themselves of it.
If you get infected by this kind of malware, we usually recommend that you do a fresh install of Windows.