


Recently, Cyble researchers discovered a trojanized version of the Super Mario 3: Mario Forever installer. The malware has the potential to target large-scale victims since games like Super Mario 3 are famous among and adored by children around the world.

Researchers have noted that game installers have emerged as a lucrative way to maximize monetary gains. Threat actors prefer to exploit game installers for delivering malware due to their extensive user base, powerful hardware, and large file size, which allows them to easily hide malware. Gamers trust these installers, considering them legitimate software, but social engineering can allow attackers to exploit this trust and trick gamers into downloading malware. The malware hidden inside the installer can perform various malicious tasks, such as stealing sensitive data, deploying cryptocurrency miners, and launching ransomware.

After the malicious installer file “super-mario-forever-v702e” is installed on the system, it launches an XMR miner and a SupremeBot mining program through two files. SupremeBot has to fetch another executable, “wime.exe,” after establishing a connection to a C2 server. Once this is done, the connection to the C2 server is used to transmit system data, register the client, and obtain the configuration required to start cryptocurrency mining. This is followed by fetching the “wime.exe” executable, an open-source Umbral Stealer.

[Image: Malware-infected Super Mario game installer (left) and malware files upon installation (right). Screenshots credit: Cyble]

The Umbral Stealer is capable of stealing sensitive user data from the targeted device, including stored cookies and passwords, session tokens, credentials from cryptocurrency wallets, and authentication tokens for other platforms or games. Additionally, it disables Windows Defender to evade detection if tamper protection is inactive.
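The stealer's Defender-disabling step only works when tamper protection is off, so the practical check for a defender is the Defender posture of the host. The PowerShell script below is an added example, not code from the article or from Cyble's report: it uses the Defender module's own cmdlets (Get-MpComputerStatus and Get-MpPreference) to report whether tamper protection and real-time protection are on, whether the DisableAntiSpyware policy value has been set, and whether any scan or process exclusions exist. The function name Get-DefenderPosture is assumed for this example; run it in an elevated PowerShell session on a Windows host.

```powershell
# Added example (not the article's or Cyble's code): report the Windows Defender
# settings that decide whether a local process can switch Defender off, as the
# stealer described above attempts to do when tamper protection is inactive.
function Get-DefenderPosture {
    [CmdletBinding()]
    param()

    $findings = [System.Collections.Generic.List[string]]::new()

    # Both cmdlets ship with the Defender PowerShell module on Windows 10/11 and Server.
    $status = Get-MpComputerStatus -ErrorAction Stop
    $prefs  = Get-MpPreference -ErrorAction Stop

    if (-not $status.IsTamperProtected) {
        $findings.Add('Tamper protection is OFF: Defender settings can be changed by a local process with admin rights.')
    }
    if (-not $status.RealTimeProtectionEnabled -or $prefs.DisableRealtimeMonitoring) {
        $findings.Add('Real-time protection is disabled.')
    }
    if (-not $status.AntivirusEnabled) {
        $findings.Add('Antivirus engine reports as disabled.')
    }

    # DisableAntiSpyware under the Defender policy key is the value commonly set to turn Defender off.
    $policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
    $policy = Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue
    if ($policy -and $policy.DisableAntiSpyware -eq 1) {
        $findings.Add("Policy key $policyKey has DisableAntiSpyware=1.")
    }

    # Exclusions let a miner or stealer binary sit outside scanning; list any that exist for review.
    foreach ($path in @($prefs.ExclusionPath)) {
        if ($path) { $findings.Add("Scan exclusion present: $path") }
    }
    foreach ($proc in @($prefs.ExclusionProcess)) {
        if ($proc) { $findings.Add("Process exclusion present: $proc") }
    }

    # Stale signatures weaken detection of the dropped binaries even when Defender is on.
    $signatureAge = (Get-Date) - $status.AntivirusSignatureLastUpdated
    if ($signatureAge.TotalDays -gt 7) {
        $findings.Add("Antivirus signatures are $([int]$signatureAge.TotalDays) days old.")
    }

    [PSCustomObject]@{
        TamperProtected    = [bool]$status.IsTamperProtected
        RealTimeProtection = [bool]$status.RealTimeProtectionEnabled
        AntivirusEnabled   = [bool]$status.AntivirusEnabled
        SignatureAgeDays   = [int]$signatureAge.TotalDays
        Findings           = $findings
    }
}

# Usage: print the posture and a summary line.
$posture = Get-DefenderPosture
$posture | Format-List
if ($posture.Findings.Count -eq 0) {
    Write-Host 'No Defender weaknesses found.'
} else {
    Write-Host "$($posture.Findings.Count) Defender weakness(es) found; see Findings above."
}
```

The first finding is the one that matters for this campaign: with tamper protection on, the stealer's attempt to disable Defender fails, so a host that reports TamperProtected = False should be treated as exposed regardless of the other settings.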
