Malware posing as Super Mario Run is infecting devices

Attackers are taking advantage of the popularity of “Super Mario Run” to spread a malicious malware through fake Android Application Packages (APKs) to steal banking credentials of users.

Nintendo’s Super Mario Run broke the records with its release last month and was one of the top 10 most downloaded games of 2016. The game was released to iOS users only. After that, Nintendo listed the game on Google Play store for pre-register. But no date has been announced yet that when it will be made available for Android users.

Hackers are taking advantage of the game’s popularity and spreading malicious malware “Android Marcher” through fake APKs online. A similar scam also occurred when Pokémon Go was released.

What is ‘Android Marcher’ malware?

A global cloud-based information security company, Zscaler, describes the Marcher Trojan as,

“Marcher is a sophisticated banking malware strain that targets a wide variety of banking and financial apps and credit cards by presenting fake overlay pages. Once the user’s mobile device has been infected, the malware waits for victims to open one of its targeted apps and then presents the fake overlay page asking for banking details. Unsuspecting victims will provide the details that will be harvested and sent out to the malware’s command and control (C&C) server.”

How does it attack?

Taking advantage of users’ impatience for the game, attackers have disguised the malware as Super Mario Run in form of APK files. Marcher malware details:

• Name: Super Mario Run
• Package Name: uiq.pizfbwzbvxmtkmtbhnijdsrhdixqwd
• MD5 : d332560f1fc3e6dc58d94d6fa0dab748
• Detections: 12/55(at time of analysis)

Upon installation, the malware asks for multiple permissions including administrative rights. After that, the virus locks users out of Google Play until they input their credit details. The full list of targeted apps can be seen here.

How to avoid getting infected?

• Android Marcher has been around since 2013 and it continues to target the financial information of users. Users should download apps only from trusted sources like Google Play and should not fall victim to the infected APK files.
• Also, users should not provide their banking information in an overlay when launching banking apps.
• Keep an eye on the permissions an app requires while installing. Do not give your administrative rights to any app.
• Also, users can pre-register for the game at Google Play and they will be informed by a notification from Play store whenever the game is available for download.

Source: zscaler