Published: October 12, 2023 on our newsletter Security Fraud News & Alerts Newsletter.
Would you like to play a game? If you’re considering taking a turn at playing one on your Windows PC, you should also consider the findings of a recent report from researchers at Cyble. Following the Super Mario Brothers movie and ahead of the release of the new Nintendo Super Mario Bros: Wonder game for the Nintendo Switch, they uncovered a version of the Super Mario 3: Mario Forever installer being abused by hackers to infect systems with all kinds of bad guy cheats.
When a user downloads and extracts the game to a PC, the package contains three executables. One of them installs the legitimate game, while the other two, named "java.exe" and "atom.exe," are surreptitiously installed in the user's AppData directory without their knowledge. Once it’s penetrated the fortress of your systems, it gets to work not to save Princess Peach, but to wreak havoc on your device.
The first executable is used to mine Monero cryptocurrency, utilizing the infected PC's resources for the hackers' benefit. The second executable, called "SupremeBot," downloads an additional payload named "winme.exe" from a command and control (C&C) server operated by the hackers. This additional payload poses a more significant threat because it contains the Umbral Stealer, which is capable of extracting passwords and cookies containing session tokens from the user's browser. That means it can steal your stuff!
But wait! It doesn't stop there; it can also pilfer funds from cryptocurrency wallets and steal authentication tokens for popular platforms like Discord, Minecraft, Roblox, and Telegram.
What makes Umbral Stealer even more concerning is its ability to capture screenshots of the Windows desktop and access the user's webcam, effectively spying on the user without being detected by the Windows Defender anti-malware software, which, by the way, you should have active and updated on your Windows systems.
Finally, the malware may thwart even the best antivirus (AV) software by blocking communication with the AV developers’ sites, thereby reducing the effectiveness of their protection.
What can you do? First, don’t download the game. While earlier versions of this fan-made remake of the 2003 game are fine, it’s been taken over by the bad guys lately. So, avoid it on the PC. Instead, if you really want to try it, use it on a Nintendo Switch.
If you have downloaded it to your PC lately, do a thorough malware scan and remove files found by your AV software. Don’t forget to update your AV first to make sure you have the latest version. Even if you downloaded it ages ago, it’s still a good idea to scan and make sure all is well.
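To turn the scan advice into a concrete first check, here is an added PowerShell triage script, written for this article and not code from Cyble or from the game's authors. It looks only for what the report describes: executables named java.exe, atom.exe or winme.exe under the user's AppData folder, and then records their hash and signature status and whether they are currently running; the file names and location come from the article, while the hashing, signature and process checks are this script's own assumptions about what a defender would want to see.

```powershell
# Added triage script, not part of the newsletter or the Cyble report.
# Facts taken from the article: the names "java.exe", "atom.exe" and
# "winme.exe" dropped under the user's AppData folder. The hashing,
# signature and process checks below are generic defender's checks.
$suspectNames = @('java.exe', 'atom.exe', 'winme.exe')
$appDataRoots = @($env:LOCALAPPDATA, $env:APPDATA)   # ...\AppData\Local and ...\AppData\Roaming

# 1. Files on disk: any executable with one of the dropped names under AppData.
$files = foreach ($root in $appDataRoots) {
    Get-ChildItem -Path $root -Recurse -File -Include $suspectNames -ErrorAction SilentlyContinue
}

$findings = foreach ($f in $files) {
    $sig = Get-AuthenticodeSignature -FilePath $f.FullName
    [PSCustomObject]@{
        Path      = $f.FullName
        SizeKB    = [math]::Round($f.Length / 1KB, 1)
        Created   = $f.CreationTime
        SHA256    = (Get-FileHash -Path $f.FullName -Algorithm SHA256).Hash
        SigStatus = $sig.Status                       # a genuine JDK java.exe is 'Valid' and signed by Oracle;
        Signer    = $sig.SignerCertificate.Subject    # 'NotSigned' in AppData deserves a closer look
    }
}

# 2. Running processes: the miner and the downloader only do damage while they run.
$running = Get-Process -ErrorAction SilentlyContinue | Where-Object {
    $_.Path -and ($suspectNames -contains [IO.Path]::GetFileName($_.Path)) -and
    ($_.Path -like (Join-Path $env:USERPROFILE 'AppData\*'))
} | Select-Object Id, ProcessName, Path, CPU, StartTime

Write-Host "Suspect files under AppData:"
$findings | Format-List
Write-Host "Suspect processes running from AppData:"
$running | Format-Table -AutoSize

# Next steps follow the article's advice: update and run your AV, give the
# SHA256 values to your AV vendor if it missed the files, then change passwords.
```

A hit on "java.exe" is not by itself proof of infection, since some legitimate software bundles a Java runtime under AppData; the signature status and the creation time next to the game download are what separate the two cases.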
If you find that your PC was compromised, you should change your gaming passwords. Make sure each account you have, whether gaming or not, has its own unique password with a combo of letters, numbers, and special characters.
Because gamers have long been and will continue to be targets for cybercriminals, stick to downloading games from trustworthy sources and the official app stores for your devices.