A fan-made Mario game says 'Lets-a-cryptomine'

Emma McGowan 1 Aug 2023

An unofficial Mario game installs code to use your computer for cryptocurrency mining without permission.

The world’s most iconic plumber has been spotted as the subject of a fan-made video game that’s widely available for download across the internet—but keep reading before you go to download it.  

Unbeknownst to unsuspecting players, the game harbors a dark secret within its pipes and tunnels: trojan malware that, once installed, turns your computer into an unwitting cryptomining machine.  

In this case, saving the kingdom means lining the pockets of scammers while raising your electricity bills and severely crippling system performance. 

A recent report from Cyble revealed the discovery of a version of Super Mario 3: Mario Forever that may contain multiple types of malware inserted by bad actors. For clarity, Mario Forever is a fan-made game, distributed by third-party hosts and websites. It is not an officially licensed game from Nintendo, and you shouldn’t be concerned when downloading content from the officially licensed game sites. 

The mere mention of a popular video game, especially one with a huge following and deep nostalgic appeal, can draw massive interest in a very short amount of time. As with free movie downloads, the rush of the masses to get free content from unregulated and unsecured websites is exactly the kind of opportunity cyber criminals capitalize on. 

The widely downloaded malware contained two viruses. One attached itself to a downloader’s web browser to steal passwords, financial info, and account information. The second created a program on the computer that would take up processor speed and RAM to mine cryptocurrency and send it to bad actors.  

When a computer is hacked by cryptomining malware   

Cryptomining is the process by which transactions for various forms of cryptocurrency are verified and added to the digital blockchain ledger. We’re not going to go into details here (you can google it if you want the gritty details), but what’s important to know is that the process requires significant computer power to be effective. As a result, cyber criminals have developed methods to use others' resources without their knowledge or consent. They do this by developing a piece of malicious software, or malware, specifically designed for cryptomining. This process is also known as “cryptojacking.” 

This malware infiltrates your computer through seemingly innocuous means. It might appear as a benign email attachment or be embedded in a downloaded movie or fan-made game. Once the content is opened, the cryptomining script is installed on the computer.  

Once cryptomining malware finds its way onto your computer, it runs in the background, often without your knowledge. It uses the computer's processing power to solve complex computational problems, then transfers the results to the cyber criminals who created the malware.  

The negative impact on the user's side can be significant. This kind of malware can use up a large share of processing power, slowing down the system and potentially causing it to overheat. The result is a sluggish computer, higher electricity bills, and a shorter lifespan for your computer's hardware. Often, as was the case with Mario Forever, the malware may be bundled with other types of malicious software, leading to threats to security and privacy. 

Keep your computer peachy-clean 

Online gaming has been a popular target for bad actors. To mitigate risks, it's essential to adopt good cybersecurity habits. Exercise healthy skepticism when downloading any content from third parties, unofficial vendors, and unsecured websites. Additionally, you’ll significantly increase your defense against malware when you install antivirus software, keep it updated, and never ignore the warnings if a program installation asks you to turn it off. 
