A trojanized version of Mario Forever that will make you wish you had never been born was recently discovered by security researchers.
Mario Forever, formerly known as Super Mario 3: Mario Forever) is a fan game released in 2003 that is free to play and was designed to replicate the look and feel of Nintendo’s original Super Mario Bros. Softendo, a website that claims to host free versions of Mario fan games—of which there appear to be a lot—is the official distributor. It has been downloaded numerous times in the millions.
Sadly, despite how enjoyable this game may sound, some of the available Windows versions have been infected with malware that is seriously uninteresting. In addition to transforming your hardware into an unwitting crypto-mining machine, this malicious program deploys a highly intrusive malware designed to steal virtually all of your computer’s data.
The researchers say that the malicious versions of the game are probably being distributed on gaming forums, but it is unclear exactly where they are coming from. Gaming and cheat forums have a bad reputation in the past and are frequently infected with malware that can seriously damage your computer if you aren’t careful.
The malware was first discovered and thoroughly examined by cybersecurity firm Cyble. The problematic program, according to security researchers, is a maliciously altered Mario fan game installer. The game is actually installed on the computer of the recipient by the program. Notwithstanding, it likewise unobtrusively introduces two other vindictive executables that are intended to set up a Monero-mining activity utilizing the casualty’s Windows equipment. Last but not least, Umbral Stealer, a data-stealing program, is downloaded from the program’s C-2 (the server that controls its malicious activities). According to a report from Bleeping Computer, this last program intends to steal “passwords and cookies containing session tokens, cryptocurrency wallets, and credentials and authentication tokens for Discord, Minecraft, Roblox, and Telegram.”
If gamers want to avoid a headache of epic proportions, as always, it may be in their best interest to steer clear of the more shady nooks and crannies of the internet.