Umbral Stealer Discovered in Trojanized Super Mario Installer

The trojanized Super Mario Bros. game installer was found to contain multiple malicious components, including an XMR miner, SupremeBot mining client, and the open-source Umbral Stealer.

The discovery comes from a security researcher at Cyble Research and Intelligence Labs (CRIL), who described the threat in an advisory published last Friday.

According to the advisory, the campaign targets gamers because their machines typically carry the powerful hardware (in particular the GPUs) that cryptocurrency mining benefits from, and it uses those same machines to mine cryptocurrency and steal sensitive information.

“The malware file was found bundled with the legitimate installer file for super-mario-forever-v702e,” CRIL explained. “This incident highlights another reason for TAs [threat actors] to utilize the game installer as a delivery mechanism.”


The attack chain begins with a trojanized Super Mario Bros. game installer bundled with a legitimate installer file, delivering a malicious payload to unsuspecting users.

Upon execution, the malware silently drops additional files and runs them. The dropped files include an XMR (Monero) miner, which consumes the victim’s computing resources to mine cryptocurrency, and the SupremeBot mining client, which manages the mining process.

The malware also deploys an open-source information stealer, Umbral Stealer, to steal computer name, username, GPU, CPU, and other data from the victim’s system. The stolen data is sent to the attacker’s command and control server (C2).

According to CRIL, the combination of mining activity and information theft causes economic loss, slow system performance, and resource exhaustion.

“As a result, both individual users and organizations will experience severe productivity losses,” the advisory reads.

To protect against such threats, the company advises users and organizations to monitor system performance, implement strict security policies, refrain from downloading software from untrusted sources, and use reliable antivirus software.
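The advice to “monitor system performance” is more useful when tied to the behaviour the advisory describes: a single installer process that drops and launches several executables, one of which pegs the CPU (the miner) while another talks to a remote server (the stealer reporting to its C2). The script below is an added example written for this article, not code from CRIL or from the malware; it triages a constructed process-creation log for exactly that parent/child pattern. All file names, PIDs and addresses in the sample are made up, and the check for a stratum+tcp:// pool URL is an assumption based on how Monero miners are commonly configured, not something the advisory states.

```python
import csv
import io
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample of process-creation events (CSV). None of these file
# names, PIDs or addresses come from the CRIL report; the 203.0.113.0/24 and
# 198.51.100.0/24 ranges are documentation addresses. The stratum+tcp:// pool
# URL is an assumption about typical miner command lines, not a page fact.
SAMPLE_LOG = """\
pid,ppid,image,cmdline,cpu_pct,net_dst
1000,400,explorer.exe,explorer.exe,1.0,
2000,1000,super-mario-forever-v702e.exe,super-mario-forever-v702e.exe,4.0,
2100,2000,game-setup.exe,game-setup.exe /S,12.0,
2200,2000,winsvc.exe,winsvc.exe -o stratum+tcp://203.0.113.10:3333 -u wallet,96.0,203.0.113.10:3333
2300,2000,sysinfo.exe,sysinfo.exe,2.0,203.0.113.20:443
3000,1000,chrome.exe,chrome.exe,35.0,198.51.100.5:443
"""

# Command-line fragments typical of pool miners (assumed, see lead-in).
MINER_CMDLINE = re.compile(r"stratum\+(?:tcp|ssl)://|--donate-level|(?:^|\s)-o\s", re.I)


@dataclass
class Proc:
    pid: int
    ppid: int
    image: str
    cmdline: str
    cpu_pct: float   # sustained CPU share sampled after process start
    net_dst: str     # first outbound destination seen, empty if none


def parse_log(text):
    """Parse the CSV event log into Proc records."""
    rows = csv.DictReader(io.StringIO(text))
    return [Proc(int(r["pid"]), int(r["ppid"]), r["image"], r["cmdline"],
                 float(r["cpu_pct"]), r["net_dst"]) for r in rows]


def suspicious_parents(procs, cpu_threshold=80.0):
    """Return {parent_pid: {"miner": [...], "exfil": [...]}} for parents whose
    children together show the dropper pattern described in the article:
    at least one child that pegs the CPU or carries miner-style arguments,
    plus a different child that opens an outbound connection."""
    children = defaultdict(list)
    for p in procs:
        children[p.ppid].append(p)

    findings = {}
    for ppid, kids in children.items():
        if len(kids) < 2:
            continue  # a dropper that runs several payloads spawns several children
        miners = [k for k in kids
                  if k.cpu_pct >= cpu_threshold or MINER_CMDLINE.search(k.cmdline)]
        miner_pids = {k.pid for k in miners}
        talkers = [k for k in kids if k.net_dst and k.pid not in miner_pids]
        if miners and talkers:
            findings[ppid] = {
                "miner": [k.pid for k in miners],
                "exfil": [k.pid for k in talkers],
            }
    return findings


if __name__ == "__main__":
    procs = parse_log(SAMPLE_LOG)
    by_pid = {p.pid: p for p in procs}
    for ppid, hit in suspicious_parents(procs).items():
        print(f"parent {ppid} ({by_pid[ppid].image}): "
              f"miner-like children {hit['miner']}, network children {hit['exfil']}")
```

In the sample, only the installer process (pid 2000) is flagged: its children include a 96 % CPU process with a pool URL on its command line and a separate low-CPU process with an outbound connection, which is the miner-plus-stealer shape the advisory describes. explorer.exe is not flagged even though a child (chrome.exe) uses the network, because none of its children look like a miner. The heuristic is deliberately coarse; legitimate installers that spawn a CPU-heavy step (shader compilation, decompression) next to an update check will trip it, so treat hits as triage leads to be confirmed with the dropped files and the destination addresses, not as verdicts.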

“CRIL closely monitors the latest malware variants in circulation and ensures continuous updates of the blog with actionable intelligence to protect users from such attacks,” the advisory concludes.

Editorial image credit: Andrei Armiagov / Shutterstock.com
