![](\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2023\/06\/30072838\/mario-forever-malware-too-featured.jpg\"\/)
<\/p>\n<\/p>\n
Credit to Author: Alanna Titterington| Date: Fri, 30 Jun 2023 11:36:52 +0000<\/strong><\/p>\n We often talk about the perils of downloading pirated versions of games, since they may harbor malware. But they aren’t the only threat. Nasty surprises can pop up in free-to-play games, too, which is what happened just recently with Super Mario 3: Mario Forever<\/em>. But first things first\u2026<\/p>\n The Super Mario<\/em> series (aka Super Mario Bros.<\/em> or simply Mario<\/em>) is one of the best-loved gaming universes. In its 38 years of existence there’ve been 24 original games in the main series alone, not to mention dozens of remakes and remasters. Besides that, there are seven spin-off series adding scores of games to the Mario<\/em> universe. That said, they do all have one thing in common: all of these games \u2014 save for the rarest of exceptions<\/a> \u2014 were officially released solely on Nintendo’s own platforms.<\/p>\n So what do you do if you want to play Mario<\/em> on your computer? You have to download either a PC port or a so-called fangame. Bear in mind, however, that neither option is official or available for download on Nintendo’s own website.<\/p>\n Therefore, the search can often lead down some dark corridors, where enterprising-yet-dodgy types might slip you something malicious instead of a game. Something like this just happened with the free game Super Mario 3: Mario Forever<\/em>, created by fans<\/a>. Experts found versions of the game that infected the victim’s computer with several kinds of malware<\/a> all at once.<\/p>\n The attack chain is as follows: when the Mario Forever<\/em> distribution kit is launched, the game gets installed on the computer, together with the SupremeBot<\/em> mining client and a malicious Monero (XMR) miner. The mining client then installs another piece of malware on the computer \u2014 the Umbral<\/em> stealer.<\/p>\n Umbral<\/em> earns its crust by stealing almost any information of value that it can find on the victim’s machine: browser-stored credentials, cryptowallet keys, as well as session tokens \u2014 small files by which a site or online service remembers you so there’s no need to keep logging in (a bit like cookies). Umbral<\/em> is particularly fond of hunting Discord<\/em>, Telegram<\/em>, Roblox<\/em> and Minecraft<\/em> tokens. Besides, the stealer can get webcam footage and screenshots from the infected computer. All in all, a particularly nasty piece of malware with wide-ranging functionality.<\/p>\n The result is a Pandora’s box of troubles for victims of the infected Super Mario 3: Mario Forever<\/em>. First, their computers become sluggish and consume more power than usual due to background mining. Second, they’re at risk of account hijacking due to Umbral<\/em> stealing their passwords. Third, and worst of all: if any cryptowallet private keys are stored on the computer, this threatens direct financial loss.<\/p>\n In general, this problem is quite widespread. Pirated and free games from dubious sources are ideal territory for malicious miners. Gaming computers tend to be high-spec \u2014 especially the graphics card, which is what’s needed for mining in the first place.<\/p>\n This means they’re far better suited to mining cryptocurrency behind the user’s back than some boringly slow office machine. Detecting a hidden miner on your own is quite a hard job \u2014 one that requires a good antivirus.<\/p>\n Incidentally, the above-mentioned Roblox<\/em> and Minecraft<\/em>, for which Umbral<\/em> likes to steal account session tokens, traditionally top the rankings of games most targeted by cybercriminals<\/a>: from phishers to malware spreaders. Most recently, we wrote about how the Fractureiser<\/em> stealer was distributed under the guise of Minecraft mods<\/a>.<\/p>\n Finally, a few tips for gamers on how not to fall victim to cybercriminals:<\/p>\nMalware in free-to-play Super Mario 3: Mario Forever<\/strong><\/em><\/h2>\n
What’s inside the infected Mario Forever<\/strong><\/em><\/h2>\n
Gamer-attacking malware<\/h2>\n
Protect yourself!<\/h2>\n
\n