[German]Another small addendum in terms of security. At the end of June 2023, security researchers from Cyble issued a warning about a Super Mario Game installer. Security researchers have come across a corresponding installer that contains a Trojan and spreads the SupremeBot malware.
Advertising
Super Mario: Still Popular
The game Super Mario has been around since the 80s, but is still quite popular. The video game series is known for its jump'n'run gameplay, its vivid graphics, its memorable characters and its rousing music. Over the years, the series has constantly evolved, introducing new game mechanics, power-ups and levels in different titles and game consoles.
Since their beginnings in the 1980s, the Super Mario games have gained a huge following worldwide, and millions of gamers around the world enjoy the immersive experiences they offer. With new games and an animated movie, the series arguably recently experienced a renewed surge in popularity.
Game installers as malware slingers
This popularity is also adopted by threat actors, who then prepare installers for such games with malware and then offer them for download. The threat actors use game installers to spread various malware. The background is that games have a wide user base and users generally trust game installers as legitimate software.
The social engineering tactics that TAs use exploit users' trust and trick them into downloading and running malicious game installers. The large file size and complexity of games provide TAs with the opportunity to hide malware in them.
Malware spread via game installers can be monetized through activities such as confidential information theft, ransomware attacks, and more. In the past, Cyble Research and Intelligence Labs (CRIL) has discovered several malware campaigns that specifically target gamers and their game-related applications, including Enlisted, MSI Afterburner, FiveM Spoofer, and others.
Advertising
Super Mario Bros Trojan Installer
Recently, CRIL identified a Trojanized installer for the game Super Mario Bros. This installer contains malicious components right away. Among them are an XMR miner, the SupremeBot mining client, and the open-source stealer Umbral. The malware files were found together with a legitimate installation file of super-mario-forever-v702e. This incident highlights another reason why threat actors use game installers as a distribution mechanism: The powerful hardware commonly associated with games provides valuable computing power for mining cryptocurrencies. Details on this case or a technical analysis can be found on this Cyble page after registration.
Advertising
