A widely popular fan-made game based on Nintendo’s Super Mario franchise, known as Super Mario 3: Mario Forever, has reportedly been found carrying malware that can hijack users’ crypto wallets and even secretly install crypto mining software. According to Cyble Research & Intelligence Labs, the legitimate installer for the game comes with an additional payload, loaded with malicious software that can steal data from infected computers and run resource-intensive crypto mining software in the background.
First launched in 2004 via the Softendo website, Mario Forever is an unofficial game that mimics the classic Super Mario side-scrolling games by providing dozens of free levels. A CNET Downloads listing reveals that more than 17 million downloads have been counted to date through that website alone.
Cyble’s report states that the game’s installer also includes XMR Miner, software that covertly runs an XMR cryptocurrency miner on users’ computers. The miner can consume a computer’s resources without the user’s knowledge to generate crypto for the malicious actor involved. It is worth noting that Monero (XMR) is a “privacy coin” that conceals transaction details from public view.
In addition, the game installer incorporates a file that ultimately leads to the download and installation of Umbral Stealer. Described by Cyble as a “lightweight and efficient information stealer,” the software can collect users’ passwords, private information, images from webcams, and even crypto wallet data. The research firm indicates that Umbral Stealer targets Ethereum, Zcash, and Bytecoin wallets and, specifically, Atomic Wallet.
Although Super Mario 3: Mario Forever is not an official Nintendo game, its long-lasting reputation as a prominent fan creation and the ongoing appeal of the Mario franchise mean that people may continue downloading and installing the game nearly 20 years after its original freeware release.
This is not the first time Mario Forever has been associated with scams that compromise users’ computers. As per a report from Protos, the game has previously been investigated for carrying malware and Trojan horses embedded within the seemingly legitimate installer. Softendo, the publisher of Super Mario 3: Mario Forever, was reached for comment but did not immediately respond.
The concerns surrounding the game highlight the importance of exercising caution when downloading and installing software, particularly from unofficial sources, in order to protect sensitive data and avoid falling victim to cyber threats.
Source: Decrypt