Trojanized Super Mario Bros installer spreads malware

July 25, 2023

Researchers have discovered a Trojanized Super Mario Bros game installer that delivers multiple forms of malware, including an XMR miner, the SupremeBot mining client and Umbral Stealer.

Attackers bundled the malicious code with a legitimate installer file named "super-mario-forever-v702e". Gamers are often targeted because their powerful hardware is well suited to mining cryptocurrencies. The tampered NSIS installer file, "Super-Mario-Bros.exe", contains three executables: the legitimate Super Mario application and the malicious executables "java.exe" and "atom.exe". When executed, the installer drops and launches the legitimate executable, while the XMR miner and SupremeBot run in the background. The malware connects to a mining server, gathers system information, establishes a connection to a command-and-control server, and retrieves an info-stealing executable that loads Umbral Stealer into memory...