
New malware hiding as app and stealing victims’ banking details

To much fanfare and excitement, Nintendo’s Super Mario Run was released exclusively for iOS on the iPhone and the iPad last month. It’s the Nintendo mascot’s first official foray into a third-party mobile gaming space and it has excited gamers and smartphone owners alike.

It was off to a fast start as the game was downloaded by 38 million users in the first three days after its release. It topped the Apple App Store for most downloads and top-grossing charts in multiple countries.

If you are an Android user, however, you will have to wait until the game’s official release for your platform. You can pre-register via Google Play to get notified when the game is ready, but the wait may be more than a month. Impatient Android gamers who want an early glimpse of the game may start looking elsewhere.

Researchers at Zscaler are reporting that cybercriminals are capitalizing on this impatience as a fake version of Super Mario Run is now circulating on third-party and unofficial app stores. The fake game, with the file name SuperMarioRun.apk, is actually the malware Marcher in disguise.


We have covered Marcher before and cybercriminals tend to cloak it with different disguises, like legitimate apps or firmware upgrades. Upon installation, Marcher tricks users into relinquishing credentials and credit card information by overlaying real applications with fake mobile phishing pages resembling the real thing.

As with other versions of Marcher, the “game” will ask for administrative access. Granting that request actually gives the Marcher malware the ability to do its dirty job: impersonate legitimate apps and overlay them with fake ones.

Hijacked apps with the fake overlays include banking apps and these popular ones:

  • Google Play store
  • Facebook
  • Facebook Messenger
  • Viber
  • WhatsApp
  • Skype
  • Instagram
  • Twitter
  • Gmail
  • Chrome
  • UC Browser

The overlays will look like the legitimate login pages of the apps affected, but they’re actually mobile phishing sites designed to steal your user credentials and credit card and banking information.

If you can’t wait to try Super Mario Run for Android, we advise that you just hold off until the official game from Nintendo is released in the official Google Play store. If there are files online claiming to be “cracked” versions of the application, they are most likely malicious.

Protect yourself against Marcher

As always, to protect yourself against Marcher and other Android malware, the best practice is to avoid downloading and installing apps from “Unknown Sources.” Only download apps from the official Google Play app store and make sure you check user reviews, too, before installing.

Second, be careful with links and websites you visit. Drive-by malware downloads could happen anytime without you knowing it. Don’t grant any system permission to prompts coming from unknown sources.

And lastly, always be vigilant. As seen with this new Marcher malware tactic, things are sometimes not what they seem.
