Security

Malware Disguises Itself as Super Mario Run

Android users and game enthusiasts, beware: cyber criminals are disguising Trojan malware as the much beloved and popular Super Mario Run game, putting users’ banking, credit cards, and social media apps at risk of being hacked. Much like past attempts to install information-stealing malware on devices prior to the release of Pokemon Go, this most recent attack targets Android users looking to download the popular Super Mario Run game on their Android devices from third-party sites. For that reason, we recommend you download apps only from the official Google Play store and click below immediately to scan your device for malware.

The Marcher malware works by posing either as a firmware update for Android users, prompting them to enter sensitive bank details in a fake login page for online banking, or, as utilized by this most recent attack, as ad promotions on various websites prompting Android users to “download” Super Mario Run.

Once downloaded, the malicious app prompts users to submit credit card information in an overlay page, then claims various permissions, including access as an administrator for the device. When the malware has permission over the device, it can then steal log-in data from your banking apps, such as credit card information and routing numbers, and other apps containing sensitive personal information. The hackers can also access apps such as Facebook, WhatsApp, Skype, Gmail, and the Google Play store to carry out additional fraud.

PSafe’s security team alerts that Android gamers can only download Super Mario Run on the official Google Play store. “To keep your data safe from hackers, it’s important to avoid downloading apps from unofficial sources and use an effective antivirus app. DFNDR, for example, regularly scans the cellphone, preventing from hacking” says Emilio Simoni, security manager at PSafe.

Nintendo released the Super Mario Run mobile game for iOS device, it but didn’t make it available for Android. The game earned instant success when it was downloaded over 40 million times within the first four days of its release on Apple iOS, and is likely to be popular on the Google Play store as well.

PSafe Newsroom

The dfndr blog is an informative channel that presents exclusive content on security and privacy in the mobile and business world, with tips to keep users protected. Populated by a select group of expert reporters, the channel has a partnership with dfndr lab's security team. Together they bring you, first-notice news about attacks, scams, internet vulnerabilities, malware and everything affecting cybersecurity.

Recent Posts

Does Your Phone Listen to You for Ads? Myth vs. Reality

That feeling that your phone is “listening” is common, but the explanation usually has less…

57 years ago

Why Updating Android Helps Protect Your Phone, Even When Nothing Looks Different

Have you ever put off an Android update because you figured nothing would really change…

57 years ago

Your Phone Knows Where You’ve Been. Here’s Why That Matters More Than Ever

Do you know how many places your phone can remember from just one ordinary week?…

57 years ago

Does Changing Your Password Every Week Make Your Account Safer? Myth or Fact

You’ve probably heard that changing your password every week is a smart way to keep…

57 years ago

What Happens When You Tap “Allow” on an Android App?

You install a new app, open it for the first time, and the screen pops…

57 years ago

5-Minute Monthly Phone Check: What to Review on Android

You unlock your phone to answer a quick text and, without even noticing it, pass…

57 years ago