If you recently downloaded the video game Super Mario 3: Mario Forever for Windows, you might want to check whether you got more than you bargained for. Attackers have bundled malware into a version that is being distributed via gaming forums and social media groups, or pushed to users via malvertising.
The malware targets information stored in web browsers, such as saved passwords and cookies containing session tokens, as well as cryptocurrency wallets and credentials and authentication tokens for Discord, Minecraft, Roblox, and Telegram. It can also take screenshots of the victim's computer screen or use connected webcams to capture media.
The info-stealing malware is capable of evading Windows Defender by disabling the program if tamper protection is not enabled. Otherwise, it adds its process to Defender's exclusion list.
Additionally, the malware modifies the Windows hosts file to impair the communication of popular antivirus products with company sites, preventing their regular operation and effectiveness.
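To check a machine for the hosts-file tampering described above, the following added example (not code from the original article or the cited researchers) parses hosts-file text and reports any entry that overrides a security vendor's domain. The watchlist domains and the sample file are constructed placeholders; replace them with the update and support domains of the products you actually run.

```python
import ipaddress

# Constructed watchlist: placeholder names standing in for the update and
# support domains of the security products you actually run.
WATCHLIST = {"av-vendor.example", "update.av-vendor.example"}

# Constructed hosts-file content for the demonstration.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0         av-vendor.example www.av-vendor.example   # added entry
127.0.0.1 UPDATE.AV-VENDOR.EXAMPLE
10.0.0.5        intranet.corp.example
not-an-ip       av-vendor.example
"""


def is_watched(host, watchlist):
    """True if host equals a watchlist domain or is a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in watchlist)


def audit_hosts(text, watchlist=WATCHLIST):
    """Return (line_no, address, hostname, reason) for suspicious entries."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].split()   # drop comments, tokenize
        if len(entry) < 2:
            continue                            # blank or comment-only line
        try:
            addr = ipaddress.ip_address(entry[0])
        except ValueError:
            continue                            # first field is not an address
        for host in entry[1:]:
            if not is_watched(host, watchlist):
                continue
            # Loopback or 0.0.0.0 blackholes the name; anything else reroutes it.
            sink = addr.is_loopback or addr.is_unspecified
            reason = "sinkholed" if sink else "redirected"
            findings.append((line_no, str(addr), host.lower(), reason))
    return findings


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

On Windows the file to feed in is `%SystemRoot%\System32\drivers\etc\hosts`; any finding means a security vendor's domain is being overridden locally and the machine deserves a closer look.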
Keep work computers and “play” computers separate. Multi-use computers pose too much risk given today’s cyber landscape.
When downloading games or any software, make sure to do so from official sources like the publisher's website or trustworthy digital content distribution platforms.
Scan downloaded executables using your antivirus software before launching them and keep your security tools up to date.
Malvertising - Short for malicious advertising, malvertising is the use of online advertising to spread malware. It involves injecting malicious code into legitimate online advertisements, which then infects the computers or devices of users who click on the ad. Malvertising can also refer to the use of fake or misleading ads to trick users into downloading malware or visiting malicious websites.
Source: Cyble Research & Intelligence Labs, Bleeping Computer