Super Mario fangame gets hacked to distribute malware

Joel Loynds

An old Super Mario fangame has been hijacked to distribute malware to unsuspecting fans. Users have discovered multiple infections.

Super Mario 3: Mario Forever is an old fangame that remade the classic NES game with an updated art style and some additional features. It was released in 2003 and saw development until 2013. The fangame remains quite popular despite its age.

Over a decade on from the release of its final version, it appears hackers have hijacked the game and are distributing a malware-laden version to unsuspecting players.

As reported by BleepingComputer, researchers at Cyble found that the malware is shared via “social engineering tactics” and an “exploit” of “users’ trust”. The hackers have also hidden the malware amongst the game’s large files, so unsuspecting players don’t immediately notice it.

Cyble states that, once on the PC, the Trojan horse could be used for illicit earnings, either by stealing vital information or by conducting a ransomware attack.

Super Mario 3: Mario Forever infected with virus


The malware being shared also bundles other methods of making money off the infected user. These include the following:

  • XMR miner
  • SupremeBot mining client
  • The open-source Umbral Stealer

As you can see, the programs found within Mario Forever are mostly ways of using the victim’s PC to mine cryptocurrency. The bundle also features Umbral Stealer, which can allow the theft of passwords or other data stored on the PC.

The main issue is that the virus-infested version of the game is being bundled with legitimate files. Any unsuspecting user could accidentally download the game and be none the wiser. Once they start the installation process, the malicious data is then installed onto the PC.

Further, the application requests administrator access to launch, meaning it has free rein to do as it sees fit once installed.

Everything is “dropped” during the installation and dumped into the Roaming folder on Windows. This folder isn’t easy for novice users of the OS to get to either, leaving victims to rely on antivirus software like Malwarebytes to rid themselves of it.
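For readers comfortable with a script, here is one way to review what has recently landed in the Roaming folder. This is an added example, not code from Cyble or from the original article; the function names and the 30-day window are assumptions chosen for illustration. It lists files that are Windows executables by content, whatever their extension, along with a SHA-256 hash that can be looked up in a scanner.

```python
import hashlib
import os
import struct
import time
from pathlib import Path


def is_pe(path):
    """True if the file has a DOS 'MZ' header pointing at a 'PE\\0\\0' signature."""
    try:
        with path.open("rb") as fh:
            head = fh.read(64)
            if len(head) < 64 or head[:2] != b"MZ":
                return False
            (e_lfanew,) = struct.unpack_from("<I", head, 0x3C)
            fh.seek(e_lfanew)
            return fh.read(4) == b"PE\x00\x00"
    except OSError:
        return False


def sha256_of(path):
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def recent_executables(root, max_age_days=30.0, now=None):
    """Return (path, sha256, age_days) for PE files under root, newest first."""
    now = time.time() if now is None else now
    hits = []
    for dirpath, _dirs, files in os.walk(root, onerror=lambda e: None):
        for name in files:
            path = Path(dirpath) / name
            try:
                age_days = (now - path.stat().st_mtime) / 86400
                if age_days <= max_age_days and is_pe(path):
                    hits.append((path, sha256_of(path), round(age_days, 1)))
            except OSError:
                continue  # unreadable or locked file: skip rather than abort
    return sorted(hits, key=lambda h: h[2])


if __name__ == "__main__":
    # %APPDATA% resolves to the per-user Roaming folder on Windows.
    for path, digest, age in recent_executables(Path(os.environ.get("APPDATA", "."))):
        print(f"{age:6.1f}d  {digest}  {path}")
```

The age filter relies on each file's modification time, which an installer can preserve or alter, so raise `max_age_days` to list every executable if the recent view looks clean.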

If you get infected by this kind of malware, we usually recommend that you do a fresh install of Windows.
