Mario Fan Game Virus Turns Your PC Into Unwitting Crypto Miner

June 27, 2023

Security researchers recently discovered a trojanized version of Mario Forever that will make you wish you’d never been born.

Mario Forever (also called Super Mario 3: Mario Forever) is a free-to-play 2003 fan game that was created to mimic the style and imagery of Nintendo’s original Super Mario Bros. It is officially distributed by Softendo, a website that claims to host free versions of Mario fan games (of which there are apparently quite a few). It has been downloaded millions and millions of times.

Unfortunately, as fun as this game may sound, some circulating Windows versions of it have been laced with hidden malware that is seriously not fun. Not only is this malicious program designed to convert your hardware into an unwitting crypto-mining machine, but it also deploys highly invasive malware designed to steal pretty much all of the information on your computer.

It’s unclear exactly where the malicious versions of the game are coming from, although they’re likely being distributed on gaming forums, per the researchers. Historically speaking, gaming and cheat forums can be quite sketchy, and are often riddled with malware that will seriously bork your computer if you’re not careful.

Cybersecurity firm Cyble originally discovered the malware and wrote an in-depth analysis of how it works. According to the security researchers, the problematic program is an installer of the Mario fan game that has been maliciously modified. The program does, in fact, install the game onto the recipient’s computer. However, it also quietly installs two other malicious executables that are designed to set up a Monero-mining operation using the victim’s Windows hardware. Finally, the program also downloads an additional payload from its C2 server (the command-and-control server directing its malicious activities), which is a data-pilfering program known as Umbral Stealer. This last program sets about stealing a whole bunch of stuff from your browser you really don’t want stolen—“passwords and cookies containing session tokens, cryptocurrency wallets, and credentials and authentication tokens for Discord, Minecraft, Roblox, and Telegram,” Bleeping Computer reports.

As always, it might be wise for gamers to avoid the shadier byways of the internet if they want to avoid a headache of epic proportions.

Source: Gizmodo