megapax.blogg.se

Mario 3.exe

SupremeBot Pushes Umbral Stealer to Maximize Monetary Gain

Threat Actors (TAs) use game installers to spread various malware because games have a wide user base, and users generally trust game installers as legitimate software. The social engineering tactics that TAs use exploit users’ trust and entice them to download and run malicious game installers. The large file size and games’ complexity provide TAs opportunities to hide malware within them. Malware distributed through game installers can be monetized through activities like stealing sensitive information, conducting ransomware attacks, and more.

Previously, Cyble Research and Intelligence Labs (CRIL) has discovered several malware campaigns that specifically target gamers and their game-related applications, including Enlisted, MSI Afterburner, FiveM Spoofer, and others.

Super Mario is an extremely popular video game franchise celebrated for its platforming gameplay, vibrant visuals, unforgettable characters, and captivating music. The franchise recently saw a resurgence in popularity with new games and an animated movie. Since its inception in the 1980s, Super Mario games have garnered a massive global following, with millions of players worldwide delighting in the immersive experiences they provide. Over the years, the franchise has continuously evolved, introducing fresh game mechanics, power-ups, and levels across various titles and gaming consoles.

Recently, CRIL identified a trojanized Super Mario Bros game installer that delivers multiple malicious components, including an XMR miner, SupremeBot mining client, and the open-source Umbral Stealer. The malware files were found bundled with a legitimate installer file of super-mario-forever-v702e. The figure below illustrates the GUI of the Super Mario Forever game following a successful installation.

This incident highlights another reason TAs utilize game installers as a delivery mechanism: the powerful hardware commonly associated with gaming provides valuable computing power for mining cryptocurrencies.

The image below shows the infection chain of the compromised Super Mario Game installer delivering Umbral Stealer.

Figure 2 – Infection chain

For this technical analysis, we analyzed a sample called “Super-Mario-Bros.exe” with the SHA256 hash e9cc8222d121a68b6802ff24a84754e117c55ae09d61d54b2bc96ef6fb267a54, which is a 32-bit Nullsoft Installer (NSIS) self-extracting archive executable file.
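A triage check for downloaded installers, added here as an example and not part of the original analysis: it matches a file against the SHA256 given for the sample and reports whether the file is a 32-bit PE carrying an NSIS first header. The function names, the 512-byte alignment scan and the constructed test input are assumptions of this example.

```python
import hashlib
import struct

# SHA-256 of the trojanized installer, as given in the analysis.
KNOWN_BAD_SHA256 = {
    "e9cc8222d121a68b6802ff24a84754e117c55ae09d61d54b2bc96ef6fb267a54",
}
NSIS_MAGIC = struct.pack("<I", 0xDEADBEEF) + b"NullsoftInst"
IMAGE_FILE_MACHINE_I386 = 0x014C


def pe_machine(data):
    """Return the COFF Machine field, or None if data is not a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 6 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    return struct.unpack_from("<H", data, e_lfanew + 4)[0]


def nsis_header_offset(data):
    """Offset of the 28-byte NSIS first header, or None if absent."""
    # Assumption: the header sits on a 512-byte boundary after the stub.
    for off in range(0, len(data) - 28 + 1, 512):
        if data[off + 4:off + 20] == NSIS_MAGIC:  # skip 4-byte flags field
            return off
    return None


def triage(data):
    digest = hashlib.sha256(data).hexdigest()
    return {
        "sha256": digest,
        "known_bad": digest in KNOWN_BAD_SHA256,
        "pe32_x86": pe_machine(data) == IMAGE_FILE_MACHINE_I386,
        "nsis_offset": nsis_header_offset(data),
    }


def build_sample():
    """Constructed input: minimal PE stub followed by an NSIS first header."""
    stub = bytearray(1024)
    stub[:2] = b"MZ"
    struct.pack_into("<I", stub, 0x3C, 0x80)
    stub[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<H", stub, 0x84, IMAGE_FILE_MACHINE_I386)
    first_header = struct.pack("<I", 0) + NSIS_MAGIC + struct.pack("<II", 0, 28)
    return bytes(stub) + first_header
```

An NSIS header on its own only identifies the packaging, which many legitimate installers share; the hash match is the indicator tied to this sample.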












