Super Mario fangame gets hacked to distribute malware

An old Super Mario fangame has been hijacked to distribute malware to unsuspecting fans. Users have discovered multiple infections.

Super Mario 3: Mario Forever is an old fangame that remade the classic NES game with an updated art style and some additional features. It was released in 2003 and saw development until 2013. The fangame still remains quite popular, despite its age.

Over a decade on from the release of its final version, it appears hackers have hijacked the game and are distributing a malware-laden version to unsuspecting players.

As reported by Bleeping Computer, researchers at Cyble found that the malware is shared via “social engineering tactics” and an “exploit” of “users’ trust”. The hackers have also hidden the malware among the game’s large files, so unsuspecting players don’t immediately notice it.

Once on the PC, Cyble states that the Trojan horse virus could be used for illicit earnings. This could be done by stealing vital information or by conducting a ransomware attack.

Super Mario 3: Mario Forever infected with virus

The malware being shared also contains other methods of making money off the infected user. These include the following:

  • XMR miner
  • SupremeBot mining client
  • An open-source Umbral stealer

As you can see, most of the listed programs found within Mario Forever are methods of using the victim’s PC to mine cryptocurrency. It also features an Umbral stealer, which can allow the theft of passwords or other data stored on the PC.

The main issue is that the virus-infested version of the game is being bundled with legitimate files. Any unsuspecting user could accidentally download the game and be none the wiser. Once they start the installation process, the malicious data is then installed onto the PC.

Further, the application requests administrator access to launch, meaning it has free rein to do as it sees fit once installed.

Everything is “dropped” during the installation and dumped into the Roaming folder on Windows. This folder isn’t easy for novice users of the OS to get to either, leaving victims to rely on anti-virus software like Malwarebytes to rid themselves of it.

If you get infected by this kind of malware, we usually recommend that you do a fresh install of Windows.
