Excited about Super Mario Bros. Wonder? Don’t download this fan-made Mario game with malware

While the Nintendo Switch 2 hasn’t been announced yet, Nintendo did unveil a brand new Mario game during its latest Nintendo Direct. However, while Super Mario Bros. Wonder is set to be released in October, PC gamers could accidentally end up infecting their computers with malware by downloading this fan-made Mario game.

As reported by BleepingComputer, a trojanized installer of the popular Super Mario 3: Mario Forever game for Windows is currently making the rounds online and installing it on your PC could lead to multiple malware infections.

For those unfamiliar, Super Mario 3: Mario Forever is a fan-made remake of the classic Nintendo game which was released all the way back in 2003. In the years since, it has seen quite a few updates and has been downloaded by millions.

Unfortunately though, hackers are now distributing a modified version of Super Mario 3: Mario Forever’s installer that can leave your PC running poorly and put your data at risk of being stolen.

Stealing data and mining for crypto

In a new report, researchers from the cybersecurity firm Cyble have revealed that they have discovered a modified version of the Super Mario 3: Mario Forever installer that has been trojanized by hackers.

Once downloaded and extracted on a user’s PC, the archive itself contains three executables including one that installs the actual game along with two others: “java.exe” and “atom.exe.” These other executables are installed in a user’s AppData directory without their knowledge.

Once installed, the first of these two executables uses an infected PC’s resources to mine for Monero, while the other, called “SupremeBot,” is used to download an additional payload called “winme.exe” from a command and control (C&C) server controlled by the hackers behind this campaign.

This additional payload is even more dangerous as it contains the Umbral Stealer, an info-stealing malware capable of stealing passwords and cookies containing session tokens from your browser. It can also steal money from cryptocurrency wallets as well as authentication tokens for Discord, Minecraft, Roblox and Telegram.

To make matters worse, Umbral Stealer can even take screenshots of a Windows desktop and use your webcam to spy on you while avoiding detection by Windows Defender. At the same time, it also prevents the best antivirus software from communicating with company sites which makes their protection less effective.

How to stay safe if you’ve installed this fan-made Mario game on your PC

When it comes to playing classic Mario games, the best way to do so is on your Nintendo Switch with a Nintendo Switch Online membership. While we would love to see the Japanese gaming company bring its titles to PC like Sony has done with PlayStation games, that likely won’t happen any time soon.

If you downloaded Super Mario 3: Mario Forever recently, you’re going to want to give your computer a full scan for malware and remove anything your antivirus software finds. Those that downloaded the popular game in the past should be safe but running a quick scan is always a good idea regardless.
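
To go with that scan, here is an added Python example (not from the original article or from Cyble's report) that walks a Windows user's AppData folders for the three file names mentioned above and records each hit's path, size, modification time and SHA-256 for follow-up. The default search roots (the APPDATA and LOCALAPPDATA environment variables) and the function names are assumptions, and a name match alone is not proof of infection since legitimate software can ship its own java.exe.

```python
import hashlib
import os
import sys
from datetime import datetime, timezone
from pathlib import Path

# File names taken from the article. A name match only flags a file for review:
# legitimate software can also ship a java.exe, so every hit needs follow-up.
SUSPECT_NAMES = {"java.exe", "atom.exe", "winme.exe"}


def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks so large binaries do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def find_suspects(roots, names=SUSPECT_NAMES):
    """Return one record per matching file found under any of the given roots."""
    wanted = {n.lower() for n in names}  # Windows file names are case-insensitive
    hits = []
    for root in roots:
        for dirpath, _dirs, files in os.walk(root, onerror=lambda e: None):
            for fname in files:
                if fname.lower() not in wanted:
                    continue
                path = Path(dirpath) / fname
                try:
                    st = path.stat()
                    record = {
                        "path": str(path),
                        "size": st.st_size,
                        "modified": datetime.fromtimestamp(st.st_mtime, timezone.utc).isoformat(),
                        "sha256": sha256_of(path),
                    }
                except OSError as exc:  # locked or unreadable files are still reported
                    record = {"path": str(path), "error": str(exc)}
                hits.append(record)
    return hits


if __name__ == "__main__":
    # Assumption: default roots are the current user's roaming and local AppData.
    defaults = [os.environ.get(v) for v in ("APPDATA", "LOCALAPPDATA")]
    roots = sys.argv[1:] or [r for r in defaults if r]
    for hit in find_suspects(roots):
        print(hit)
```

The SHA-256 of each hit can be checked against your antivirus vendor's or a threat-intelligence lookup before anything is deleted.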

However, if you decided to install Super Mario 3: Mario Forever to pass the time until Super Mario Bros. Wonder comes out and did end up with a malware infection, you’re also going to want to reset all of your passwords. One of the best password managers can make this process much easier. The hackers behind this campaign could use the data they’ve stolen from infected PCs to commit fraud or, even worse, to steal your identity.

Gamers have been a popular target for hackers for some time now, but in recent months it really feels like cybercriminals are going after them more and more. For this reason, you want to avoid downloading games from unofficial sources and stick to well-known PC game platforms like Steam or the Epic Games Store.

Anthony Spadafora
Senior Editor Security and Networking