Super Malware Bros: Android Marcher Poses As 'Super Mario Run'

News
By published

It's malware time. A cloud security company named Zscaler revealed that malicious software has been disguised as the Android version of Super Mario Run, which is currently restricted to iOS devices, to fool eager gamers into compromising their financial data by installing the Android Marcher Trojan.

This isn't the first time attackers have used something's popularity to their advantage. Zscaler said Android Marcher was previously hidden in apps made to look like the augmented reality hit Pokémon Go, distributed via porn sites, and uploaded to dummy versions of app marketplaces like Google Play. If anything's popular in the smartphone era it's stuff like Pokémon Go, porn, and mobile apps--and, now, wildly successful games like Super Mario Run.

Here's Zscaler on how the malware works:

Marcher is a sophisticated banking malware strain that targets a wide variety of banking and financial apps and credit cards by presenting fake overlay pages. Once the user's mobile device has been infected, the malware waits for victims to open one of its targeted apps and then presents the fake overlay page asking for banking details. Unsuspecting victims will provide the details that will be harvested and sent out to to the malware's command and control (C&C) server.

Targeted apps include mobile banking software, which would allow the attackers to steal from someone using their compromised login credentials, and the Google Play store itself. Android Marcher creates an overlay asking for credit card information whenever Google Play app is launched; the store cannot be accessed until that information has been provided. Either way the malware provides everything hackers need to drain someone's finances.

So what are people to do? Well, the best option is to avoid installing software from unknown sources. Another is to be wary of websites or advertisements claiming that a long-awaited app has debuted. Something like Super Mario Run heading to Android is bound to make a splash; verifying that the game has actually made the jump from Apple's platform to Google's would take little more than a quick search. A little caution goes a long way.

Oh, and if you're interested specifically in Super Mario Run on Android, the title can be found on Google Play. It isn't available yet, but you can "pre-register" to receive a notification when Mario's latest adventure is ready to be played.

Nathaniel Mott
Nathaniel Mott
Freelance News & Features Writer

Nathaniel Mott is a freelance news and features writer for Tom's Hardware US, covering breaking news, security, and the silliest aspects of the tech industry.

More about security software

Florida experiences a huge 1,150% surge in VPN use as Pornhub blocks access in response to age-verification law

BadRAM attack breaches AMD secure VMs using a Raspberry Pi Pico, DDR socket, and a 9V battery

Sabrent's USB Type-C M.2 SSD Enclosure reduced to just $22 at Amazon
See more latest
4 Comments Comment from the forums
  • therealduckofdeath
    I'm 100% certain you can create a side-loaded malware and call it "This is designed to empty your bank account", and you'd get people to install it.
    Reply
  • nzalog
    "This is designed to empty your bank account"
    So basically any free app which has in-app purchases?
    Reply
  • wifiburger
    maybe if people would change their mentality from "i need the latest games from Nintendo" to "I don't give a crap ass about mobile games from Nintendo" then these exploits would have 0 success !
    Reply
  • tntom
    Can you please make it clearer in the headline and in the first paragraph of the article that this is side-loaded malware and whether it is known to be downloadable from the Google Play store itself.

    Thankfully Android dignifies its users with the ability to side-load apps not from the Play store. It also means Android users who choose to enable this feature must have some level of maturity to their app install habits. Articles like this are a good thing for educating that group when properly focused without needlessly alarming groups who rely solely on the safety net of the Play store.
    Reply
Most Popular
AMD RDNA 4 and Radeon RX 9000-series GPUs
'World's first' AMD GPU driven via USB3 — Tiny Corp tests eGPUs on Apple Silicon, Linux and Windows also supported
Sandisk's dynamite new SSD technology
Sandisk teases 'dynamite' new SSD controller dubbed Stargate
Images from the Philips Fixables Printables page
Philips debuts 3D printable components to repair products
Can you beat Fugaku? No chance.
Supercomputer beats human four sextillion to 13 in ‘Super Keisan Battle’ at Japanese tech show
RTX Ada Titan showcase
Unreleased RTX Titan Ada prototype showcased, 48GB VRAM, dual 16-pins — 'The biggest GPU I've ever held in my hand'
Intel Deep Link
Intel stealthily pulls the plug on Deep Link less than 5 years after launch
Gigabyte Aorus Stealth ICE motherboard
Gigabyte incorporates 64MB BIOS chip on X870 motherboard to integrate the WiFi driver
AMD 9060 XT GPU
AMD RX 9060 XT GPU retailer listings start at $450
AMD 6th Gen EPYC 9006 Venice CPUs reportedly offer up to 96 Zen 6 or 256 Zen 6c cores
laptop on fire
A new TikTok challenge has kids attempting to short-circuit school-issued Chromebooks