Security firm Cyble has identified a weaponised version of Super Mario Bros being used to install crypto-mining and information-stealing malware on victims' PCs. The threat actors are taking advantage of the game's broad user base to reach as many victims as possible, and the two payloads together inflict both financial and operational loss.

Two malware strains are in play:

XMR Miner

XMR is the ticker for Monero, a privacy-focused cryptocurrency whose mining algorithm is designed to run on ordinary CPUs, which is why it is the usual choice for illicit miners. The miner runs without the user's knowledge and consumes the victim machine's processing power to solve mining work credited to the attacker's wallet.

Umbral Stealer

Umbral is an open-source information stealer written in C# and published on GitHub. It collects data from the infected machine and exfiltrates it to the threat actor through Discord webhooks, so the outbound traffic looks like ordinary HTTPS to discord.com. It can:

  • Capture screenshots
  • Capture webcam images
  • Retrieve browser passwords and cookies
  • Obtain Telegram session files and Discord tokens
  • Acquire Roblox cookies and Minecraft session files

It also targets the local data of the following cryptocurrency wallets:

  • Zcash
  • Armory
  • Bytecoin
  • Jaxx
  • Exodus
  • Ethereum
  • Electrum
  • AtomicWallet
  • Guarda
  • Coinomi

“The combination of mining and stealing activities leads to financial losses, a substantial decline in the victim’s system performance, and the depletion of valuable system resources. As a consequence, both individual users and organizations suffer severe productivity setbacks,” Cyble stated.

Individuals and organisations are advised to download software only from legitimate sources; a free copy of a popular game from an unofficial site is exactly the lure used here.
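Both payloads leave network-level traces that defenders can hunt for: the stealer's exfiltration is an HTTPS POST to a Discord webhook URL, and the miner must log in to a mining pool using the Stratum JSON-RPC protocol. The following script is an added example written for this page, not Cyble's tooling or code from either malware family; the log lines, hosts, webhook id, wallet placeholder and function names are constructed for illustration.

```python
"""Flag two network-level traces of the infection chain described above:
Discord webhook exfiltration (Umbral Stealer) and Stratum mining-pool logins
(XMR miner). All sample input below is constructed, not captured traffic."""
import json
import re
from dataclasses import dataclass
from typing import List, Optional

# Discord webhook endpoint: https://discord.com/api/webhooks/<id>/<token>
# (the legacy discordapp.com host and the optional /v<N>/ API prefix also match).
DISCORD_WEBHOOK_RE = re.compile(
    r"https?://(?:canary\.|ptb\.)?discord(?:app)?\.com/api/(?:v\d+/)?webhooks/(\d+)/[\w-]+"
)

# Stratum JSON-RPC methods a miner sends when it connects to a pool. "login" is the
# Monero/CryptoNight dialect (what XMRig speaks); the other two are Bitcoin-style.
STRATUM_METHODS = {"login", "mining.subscribe", "mining.authorize"}


@dataclass(frozen=True)
class Finding:
    source: str   # "proxy" or "tcp"
    index: int    # position in the input list
    kind: str     # "discord_webhook" or "stratum"
    detail: str   # webhook id or Stratum method name


def webhook_id(proxy_line: str) -> Optional[str]:
    """Return the webhook id if the proxy log line requests a Discord webhook URL."""
    m = DISCORD_WEBHOOK_RE.search(proxy_line)
    return m.group(1) if m else None


def stratum_method(payload: str) -> Optional[str]:
    """Return the Stratum method if the TCP payload is a pool login/subscribe."""
    try:
        msg = json.loads(payload)
    except ValueError:          # json.JSONDecodeError is a ValueError
        return None
    if not isinstance(msg, dict):
        return None
    method = msg.get("method")
    return method if method in STRATUM_METHODS else None


def scan(proxy_lines: List[str], tcp_payloads: List[str]) -> List[Finding]:
    """Run both checks and return every hit, in input order, for analyst triage."""
    findings: List[Finding] = []
    for i, line in enumerate(proxy_lines):
        wid = webhook_id(line)
        if wid:
            findings.append(Finding("proxy", i, "discord_webhook", wid))
    for i, payload in enumerate(tcp_payloads):
        method = stratum_method(payload)
        if method:
            findings.append(Finding("tcp", i, "stratum", method))
    return findings


# Constructed sample input (hypothetical client IP, webhook id/token and wallet).
PROXY_LOG = [
    "10.0.0.12 GET https://discord.com/api/v9/users/@me 200",
    "10.0.0.12 POST https://discord.com/api/webhooks/1111222233334444555/AbCdEf-ghIJ_kl 204",
    "10.0.0.12 GET https://www.nintendo.com/ 200",
]
TCP_PAYLOADS = [
    '{"id":1,"jsonrpc":"2.0","method":"login",'
    '"params":{"login":"<wallet>","pass":"x","agent":"XMRig/6.20.0"}}',
    '{"jsonrpc":"2.0","method":"job","params":{}}',   # pool-to-miner message, not a login
    "GET / HTTP/1.1",                                  # not JSON at all
]

if __name__ == "__main__":
    for finding in scan(PROXY_LOG, TCP_PAYLOADS):
        print(finding)
```

Treat a Discord webhook hit as a triage lead rather than an automatic block: webhooks are also used legitimately by CI and chat bots, so corroborate with endpoint data (an unfamiliar process posting to it, or sustained CPU use by an unsigned binary for the miner). Inspecting the Stratum payload rather than relying on well-known pool ports matters because miners can be configured to use any port.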