Super Mario 3 Mario Forever malware

A trojanised Super Mario Bros game installer for Windows is spreading multiple malware that can steal passwords, banking card information and mines for cryptocurrency.

Super Mario 3: Mario Forever is a popular free-to-play game for Windows developed by Buziol Games. Released in 2004, the PC game is a remake of the iconic Nintendo game. The developers released several updates for bug fixes, with the latest version in 2020. According to its site, it has received over 7 million downloads.

Now, Cyble cybersecurity analysts discovered an infected version spreading online, executing malware including an XMR miner, SupremeBot mining client and open-source Umbral infostealer. Threat actors trick unsuspecting games by including a legitimate file of Super Mario 3, all while the malware gets to work.

Super Mario Game Malware
Super Maio 3 GUI via Cyble

According to the report (via BleepingComputer), “java.exe” and “atom.exe” installers execute an XMR (Monero) miner and SupremeBot mining client for cryptocurrency. The “java.exe” file gathers system information and starts mining on a crypto mining server, while “atom.exe” copies and hides in the game’s folder, establishes a C2 server connection, and starts mining Monero.

There’s also an Umbral Stealer infostealer malware included in the installer. The known malicious software can steal stored web browser data, including login credentials, cryptocurrency wallets, cookies and authentication tokens for platforms including Discord, Telegram, Minecraft and Roblox.

Moreover, the Umbral Stealer can also remotely access webcams and take screenshots. This makes the Super Mario game a considerable risk to unaware gamers looking to install the game.

The malicious game installer is expected to spread through gaming forums, malvertising, dodgy social media groups and more. The malware file reportedly disrupts the communication of antivirus software with the company sites, preventing their usual activities on the device.

Super Mario installer malware
Super Mario installer malware diagram via Cyble

How to stop Super Mario Installer

If you’ve recently installed Super Mario 3: Mario Forever on your Windows PC, it’s best to run a scan using an antivirus to check for any malware. You may also want to check for “java.exe” and “atom.exe” within the installer. If anything is detected, delete the game and change your accounts’ passwords to ensure any private information stolen from malicious actors can’t be used.

Use antivirus software to protect your device

The best antivirus software can help detect and protect you from all types of malware, including infostealers and miners such as SupremeBot and Umbral Stealer.

Many AV come with a suite of security features that can get rid of virus, malware, ransomware, spyware or any malicious software that burrows into your device or web browser. Some antivirus software, such as Bitdefender, offers security subscriptions specifically for devices such as a PC, iPhone or Android, making it a more cost-effective option.

We recommend trusted AV software including Avast One, Norton 360 and Bitdefender, as they can efficiently detect and remove malware on your device. Check out our thoughts on each AV below.

Perform a safety check

1. On Google Chrome, click on the three vertical dots in the upper-right corner and select Settings.

Google Chrome Settings

2. Select Privacy and security in the right-hand toolbar.

3. Under Safety check, click Check now (or the arrow to perform it again).

Malware on Google how to remove

If Chrome finds any issues, you’ll be able to tap on the option and follow the instructions to see how to handle the it. For those who don’t want to give malware hiding on web pages any chances, you can also turn on Advanced protection.

1. In Privacy and security, click on Safe Browsing under Safety Check (or Security under Privacy and security).

Malware on CHrome how to remove

2. Select Enhanced protection to turn it on.

Google Chrome Advanced security

What is infostealer malware?

Information-stealing malware, or infostealer, is a type of malware that gathers information on an infected device to send to a threat actor. It targets login credentials saved in browsers, browsing history, credit card and crypto wallet information, location data, device information, emails, social media platforms and instant messaging clients – anything valuable.

Stolen data is collected in logs and sent to the attacker. Account details and banking card information are the most sought after, as threat actors can use this information for themselves or sell it on dark web markets. Infostealer logs are hugely profitable in underground marketplaces, making them a popular form of malware.

The first sign of infostealers came about in 2007 when cybersecurity analysts detected a Trojan malware called ZeuS, or Zbot. This program aims to steal user credentials and banking information on Microsoft Windows devices to exploit individuals and organisations. It affected users around the globe, leading to the theft of billions of dollars due to its ease of installation and availability as a Malware-as-a-Service (MaaS).

From there, variants of infostealer malware became more widespread. This includes the infamous Racoon infostealer, Vidar, Mars Stealer, BlackGuard and Redline Stealer. Recently, security researchers have seen them being used to steal ChatGPT accounts. This showcases the rise of malicious threat actors using infostealers to gain private data.

Darragh Murphy
Darragh Murphy is fascinated by all things bizarre, which usually leads to assorted coverage varying from the mischievous world of online security to washing machines designed for earbuds. Whether it's connecting Scar from The Lion King to two-factor authentication or turning his love for laptops into a fabricated rap battle from 8 Mile, he believes there’s always a quirky spin to be made. When he's not checking out the latest devices and all things tech, he can be found swimming laps, watching terrible shark movies, and trying to find time to game.  Previous Editor at Laptop Mag and News Editor at Time Out Dubai, specialising in food culture, nightlife events, gaming, tech and entertainment.


Please enter your comment!
Please enter your name here