Recently, CRIL identified a trojanized Super Mario Bros game installer that delivers multiple malicious components, including an XMR miner, the SupremeBot mining client, and the open-source Umbral stealer. The malware files were found bundled with a legitimate installer file of super-mario-forever-v702e. This incident highlights another reason threat actors (TAs) utilize game installers as a delivery mechanism: the powerful hardware commonly associated with gaming provides valuable computing power for mining cryptocurrencies.

Super Mario is an extremely popular video game franchise celebrated for its platforming gameplay, vibrant visuals, unforgettable characters, and captivating music. The franchise recently saw a resurgence in popularity with new games and an animated movie. Over the years, the franchise has continuously evolved, introducing fresh game mechanics, power-ups, and levels across various titles and gaming consoles. Since its inception in the 1980s, Super Mario games have garnered a massive global following, with millions of players worldwide delighting in the immersive experiences they provide.

The figure below illustrates the GUI of the Super Mario Forever game following a successful installation.

The image below shows the infection chain of the compromised Super Mario Game installer delivering Umbral Stealer.

Figure 2 – Infection chain

For this technical analysis, we analyzed a sample called “Super-Mario-Bros.exe” with SHA-256 e9cc8222d121a68b6802ff24a84754e117c55ae09d61d54b2bc96ef6fb267a54, which is a 32-bit Nullsoft Installer (NSIS) self-extracting archive executable file.

The icon displayed below depicts the installer application of the trojanized Super Mario game.

Figure 4 – compromised Super Mario game installer file icon

The NSIS installer file “Super-Mario-Bros.exe” has been tampered with and turned into a trojanized version of a Super Mario game installer.
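A triage check for the sample properties described above, as an added example that is not part of the original analysis: it hashes a file, compares the digest with the one reported in this article, confirms the PE is 32-bit, and locates the NSIS header. The function names and the constructed test bytes are assumptions made for illustration.

```python
import hashlib
import struct

# SHA-256 of the sample as reported in the article.
KNOWN_BAD_SHA256 = "e9cc8222d121a68b6802ff24a84754e117c55ae09d61d54b2bc96ef6fb267a54"
# NSIS "firstheader": 4-byte flags, then 0xDEADBEEF (little-endian) and "NullsoftInst".
NSIS_MAGIC = b"\xef\xbe\xad\xde" + b"NullsoftInst"

def pe_is_32bit(data):
    """True if data is a PE file whose COFF Machine field is i386 (0x014C)."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 6 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return False
    (machine,) = struct.unpack_from("<H", data, e_lfanew + 4)
    return machine == 0x014C

def find_nsis_header(data):
    """Offset of the NSIS firstheader, or -1. The NSIS stub looks for it on
    512-byte boundaries, so only those offsets are checked here."""
    for off in range(0, len(data) - 19, 512):
        if data[off + 4:off + 20] == NSIS_MAGIC:
            return off
    return -1

def triage(data):
    digest = hashlib.sha256(data).hexdigest()
    return {
        "sha256": digest,
        "matches_reported_sample": digest == KNOWN_BAD_SHA256,
        "pe32": pe_is_32bit(data),
        "nsis_offset": find_nsis_header(data),
    }

def build_constructed_sample():
    """Constructed, inert bytes shaped like a 32-bit PE stub followed by an NSIS header."""
    stub = bytearray(1024)
    stub[0:2] = b"MZ"
    struct.pack_into("<I", stub, 0x3C, 0x80)    # e_lfanew -> PE header at 0x80
    stub[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<H", stub, 0x84, 0x014C)  # Machine = i386
    return bytes(stub) + struct.pack("<I", 0) + NSIS_MAGIC + bytes(8)

if __name__ == "__main__":
    print(triage(build_constructed_sample()))
```

For a file on disk, pass its contents: triage(open(path, "rb").read()). A hash match identifies only this exact sample; a repackaged installer will have a different digest while still showing the 32-bit PE and NSIS header traits.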