Android Super Mario games identified as malware


Android Super Mario

Android version of famous video game Super Mario Run available on third party app stores is actually a malware uncovered Trend Micro – a Cyber Security company.

The Japanese company’s research uncovered multiple game applications posing as Super Mario on third party App store shows malicious behavior, sometimes it downloads other malicious applications.

In September 2016, Nintendo, the original maker of the famous game announced the release of Super Mario Run on iOS and Android. The iOS version of this game was launched on December 15, 2016. However, an official Android version of the game is scheduled to release next year. Taking the advantage of announcement, cyber criminals have launched multiple fake & malicious Super Mario Run games. Many of them are intended to do the intrusive activity.

Trend Micro has discovered the malicious version of Super Mario Run game for approximately 90,000 times in the year 2016. Per the research, these malicious games are mostly downloaded in Indonesia and India respectively.  

Distribution of malicious Super Mario app downloads
Distribution of malicious Super Mario app downloads

Maximum of these malicious Super Mario games discovered displaying Advertisements. However, there are many which have been seen installing other unwanted or malicious applications onto the user’s Android phone.

During security research, Trend Micro identified a couple of such malicious Super Mario, one being detected as ANDROIDOS_DOWNLOADER.CBTJ.

Once the user tries to open the downloaded game, it pops up to download an update. Instead, it downloads and installs another application from the 3rd party store. The application named 99App is itself a third party store. While installation, 99App asks for the permission to record audio, video and take pictures, which is a serious concern to user’s privacy.

Fake App downloading “update” & permissions of 9Apps
Fake App downloading “update” & permissions of 9Apps

Other malicious Super Mario game that researchers analyzed, was detected as ANDROIDOS_DOWGIN.AXMD.

It plays an emulator version of the original Super Mario game, however, it does perform malicious activities. It found creating displays pop-up and banner ads, installs other apps without any users consent.

Fake super mario Pop-ups & Fraudulent security warning
Fake Super Mario Pop-ups & Fraudulent security warning

The cyber security firm has advised users to avoid third-party app stores to download apps.  The firm added, “the risks to end users are quite high if they download the “unofficial” or “unreleased” versions of legitimate apps through third party store”. 

It is not the first case when crooks have created the fake applications to carry out intrusive activity. Earlier this year cybercriminals took advantage of the popularity of Pokemon Go to launch their own malicious version of the Pokemon game.