Super Malware Bros: Android Marcher Poses As 'Super Mario Run'

It's malware time. A cloud security company named Zscaler revealed that malicious software has been disguised as the Android version of Super Mario Run, which is currently restricted to iOS devices, to fool eager gamers into compromising their financial data by installing the Android Marcher Trojan.

This isn't the first time attackers have used something's popularity to their advantage. Zscaler said Android Marcher was previously hidden in apps made to look like the augmented reality hit Pokémon Go, distributed via porn sites, and uploaded to dummy versions of app marketplaces like Google Play. If anything's popular in the smartphone era it's stuff like Pokémon Go, porn, and mobile apps--and, now, wildly successful games like Super Mario Run.

Here's Zscaler on how the malware works:

Marcher is a sophisticated banking malware strain that targets a wide variety of banking and financial apps and credit cards by presenting fake overlay pages. Once the user's mobile device has been infected, the malware waits for victims to open one of its targeted apps and then presents the fake overlay page asking for banking details. Unsuspecting victims will provide the details that will be harvested and sent out to the malware's command and control (C&C) server.

Targeted apps include mobile banking software, which would allow the attackers to steal from someone using their compromised login credentials, and the Google Play store itself. Android Marcher creates an overlay asking for credit card information whenever the Google Play app is launched; the store cannot be accessed until that information has been provided. Either way, the malware provides everything hackers need to drain someone's finances.

So what are people to do? Well, the best option is to avoid installing software from unknown sources. Another is to be wary of websites or advertisements claiming that a long-awaited app has debuted. Something like Super Mario Run heading to Android is bound to make a splash; verifying that the game has actually made the jump from Apple's platform to Google's would take little more than a quick search. A little caution goes a long way.

Oh, and if you're interested specifically in Super Mario Run on Android, the title can be found on Google Play. It isn't available yet, but you can "pre-register" to receive a notification when Mario's latest adventure is ready to be played.

Nathaniel Mott
Freelance News & Features Writer

Nathaniel Mott is a freelance news and features writer for Tom's Hardware US, covering breaking news, security, and the silliest aspects of the tech industry.

  • therealduckofdeath
    I'm 100% certain you can create a side-loaded malware and call it "This is designed to empty your bank account", and you'd get people to install it.
  • nzalog
    "This is designed to empty your bank account"
    So basically any free app which has in-app purchases?
  • wifiburger
    Maybe if people would change their mentality from "I need the latest games from Nintendo" to "I don't give a crap ass about mobile games from Nintendo" then these exploits would have 0 success!
  • tntom
    Can you please make it clearer in the headline and in the first paragraph of the article that this is side-loaded malware and whether it is known to be downloadable from the Google Play store itself.

    Thankfully Android dignifies its users with the ability to side-load apps not from the Play store. It also means Android users who choose to enable this feature must have some level of maturity to their app install habits. Articles like this are a good thing for educating that group when properly focused without needlessly alarming groups who rely solely on the safety net of the Play store.