Content

Events
About

Super Mario game used to spread malware

Olivia Powell | 06/28/2023

A Trojanized installer for the popular Nintendo fan game Super Mario Forever has been used to spread malware.

This discovery was made cyber security company Cyble. Cyble’s researchers found that malicious actors were spreading a Monero (XMR) miner, a SupremeBot mining client and an open-source Umbral stealer all bundled with a legitimate installer for Super Mario Forever. 

Once successfully installed on a device and the game is launched, the malware then secretly executes malware files on the infected device. The XMR miner uses the infected device to mine for the cryptocurrency Monero. The miner operates discreetly in the background processes of the device, meaning the unauthorized mining is hidden from the victim.  
 
The XMR miner also harvests data from the victim’s computer, including the computer name, username, graphics processing unit and central processing unit and transfers it to a command and control center.

The SupremeBot mining client executes processes on the infected device to retrieve and execute malicious data-stealing software from a command and control center to the device. This then unloads the Umbral stealer onto the device’s process memory. The Umbral stealer then rapidly collects data off the device and sends it to the malicious actor who uploaded the Trojanized software via instant messaging platform Discord using webhooks.

Cyble noted that the Umbral stealer can execute the following processes:

  • Capturing screenshots  
  • Retrieving browser passwords and cookies  
  • Capturing webcam images  
  • Obtaining telegram session files and discord tokens  
  • Acquiring Roblox cookies and Minecraft session files  
  • Collecting files associated with cryptocurrency wallets.

Together, this malicious payload bundle can significantly impact victims, both monetarily via stolen cryptocurrency or fraudulent bank transfers and materially, through the impact crypto mining will have on their device. This is because crypto mining massively disrupts a system’s processes as well as depleting its resources.

Learn more about Trojanized malware with Cyber Security Hub’s ultimate guide to malware. 

Upcoming Events


15th Annual Automotive Cybersecurity Detroit 2025

March 11 - 13, 2025
The Henry Hotel, Dearborn, Michigan, US
Register Now | View Agenda | Learn More


Digital Identity Week

09 - 10 September, 2025
Sydney, Australia
Register Now | View Agenda | Learn More

MORE EVENTS