Super Mario fans are being targeted by hackers, find out how.

Jun 30 2023


Welcome to Gone Phishing, your daily cybersecurity newsletter that does cybercrime dirty, like how Bud Light did Dylan Mulvaney.

It’s Friday, folks, which means it’s time for our weekly segment. It goes by many names. Patch of the Week, Tweak of the Week. Okay, that’s it. This week it’s ‘Unlimited Elements For Elementor’. Bit of a tongue twister that, eh? Still, the fix is elementary, my dear Watson. Sorry.

In your Elementor

The good news this week, folks, is that we struggled to find a patch, which suggests things were fairly quiet on the hacking front. Either that, or the hacks just haven’t been noticed and reported yet and so haven’t had a chance to be patched. Let’s hope it’s the former, eh?

So, ‘Unlimited Elements For Elementor’ is a popular add-on for WordPress websites. But if you’re currently running version 1.5.65 or older, we strongly recommend you update to 1.5.66, as the risk rating is currently listed as ‘High’ for all earlier versions.

Don’t say we never do nothing for ya!

Now on to today’s hottest cyber security stories:

  • Trojanised version of Super Mario 3 installer targets Windows users

  • ‘Fluhorse’ malware is riding high, targeting credit cards & 2FA codes

  • Brave browser ups the ante in the fight for privacy, restricts local resources

It’s a me, Super MALio

Here’s betting Wario had something to do with this, the vindictive bastard… So, what’s the 411? To all you gamers out there, looking to take a trip down memory lane via the free PC recreation of the Nintendo classic, Super Mario Bros, listen up, yo!

Ouch, right in the childhood

Cybersecurity researchers at Cyble have detected a tampered variant of the Super Mario 3: Mario Forever installer designed specifically for Windows. This altered software is disseminated as a self-extracting archive executable via undisclosed channels. Huh?

It’s a fake version of the installer which, once launched, unleashes all hell on Windows PCs by doing things like nicking web browser data (including stored passwords and cookies containing session tokens), cryptocurrency wallets, and credentials and authentication tokens used for popular platforms such as Discord, Minecraft, Roblox, and Telegram.

It can also take screenshots of the Windows desktop and use connected webcams to capture images. Yeah, f*ck that. This is all thanks to the malware’s use of Umbral Stealer, a particularly nasty strain of infostealer.

The game is thought to be promoted within gaming forums and social media groups, or pushed to unsuspecting users through malicious advertisements, black SEO tactics, and comparable means. Yep, pretty textbook.

How does it work?

The compressed file comprises three executable files:

  • The first one, "super-mario-forever-v702e.exe," installs the authentic Mario game. The remaining two executables, namely "java.exe" and "atom.exe," are discreetly dropped into the victim's AppData directory during the game's installation process.

  • Once these malicious executables are present on the disk, the installer proceeds to execute them, initiating an XMR mining operation and launching a SupremeBot mining client.

  • Lastly, the SupremeBot component retrieves an additional payload from the C2 server in the form of an executable file named "wime.exe."

TOP TIP:

Only download games from sites you trust. If you’re still not sure, copy the name of the game, or the URL, or the filepath of the .exe file and put it in Google and do some research.

The scary thing is, when you download these things, you won’t know you’ve got a trojanised version until much too late, so you want to be dead sure before you hit download.

Careful, folks. Keep dodging those dodgy downloads like Mario dodges toadstools. Or mushrooms. Or whatever the hell those things are.

Today’s AI Midjourney image: this is a horse sneezing, btw

Flu-gging a dead Horse

Cybersecurity experts have unravelled the inner workings of a notorious Android malware clan known as Fluhorse.

This nefarious breed of malware has raised alarm bells by embedding its malicious components directly into the Flutter code, signifying a significant evolution in its tactics. Axelle Apvrille, a researcher from Fortinet FortiGuard Labs, shed light on Fluhorse's menacing capabilities in a recent report.

Fluhorse first made its debut on the digital battlefield when Check Point, a renowned cybersecurity firm, meticulously documented its malevolent manoeuvres in early May 2023.

So far, the malware's primary targets have been unsuspecting users in East Asia, cunningly infiltrating their devices through deceitful apps masquerading as the popular ETC and VPBank Neo applications, widely used in Taiwan and Vietnam. A cunning phishing scheme served as the malware's initial gateway to users' digital fortresses.

Operating under the radar, Fluhorse harbours a sinister objective: to pillage precious credentials, credit card particulars, and even the highly coveted two-factor authentication (2FA) codes delivered via SMS.

These ill-gotten treasures are promptly ferried away to a remote server under the complete control of the malevolent threat actors, leaving victims vulnerable and violated.

Fluhorse's audacious exploits mark a chilling milestone in the ever-evolving realm of cyber threats, underscoring the urgency for users to remain vigilant in safeguarding their digital lives from this insidious menace.

Sounds even worse than man flu! Well, maybe not quite.

Fortune favours the Brave

In a bold move to safeguard user privacy, the visionary team behind Brave, the browser synonymous with digital fortification, has announced an imminent rollout of new controls restricting websites’ access to local resources on the user’s machine.

What may come as a shock to many is the fact that most browsers nonchalantly permit websites to lay their grubby hands on these local resources with the same ease as they navigate other online assets. Brave, however, disrupts this unsettling status quo by shedding light on the issue.

"Surprising though it may be, most browsers allow websites to access these local resources just as easily as they can access other resources on the web," elucidates the Brave team.

This insidious practice has been thriving since at least 2020, infiltrating prominent websites like eBay, Citibank, Chick-fil-A, and a host of others.

The motive behind these hacks is the anti-fraud scripts employed by these sites, which covertly fingerprint users and harvest information about the software installed on their machines. Yikes!

Brave's audacious manoeuvre to disrupt this digital subterfuge serves as a rallying cry for enhanced privacy measures, beckoning users to reclaim their autonomy in the face of relentless data-guzzling tactics.

With these forthcoming restriction controls, Brave bolsters its reputation as the champion of user privacy, defying the nefarious schemes that silently plague the digital landscape.

Brave and DuckDuckGo are leading the way when it comes to privacy online and we couldn’t be happier. Shine on you crazy Diamonds!

Happy Friday, folks!

So long and thanks for reading all the phish!

Cyber Dawg’s top picks from the week; he’s your Dawg, he got you.

MONDAY: UK Twitter hacker sentenced

TUESDAY: Careful with AI

WEDNESDAY: Anatsa banking trojan sweeps Europe and the U.S.

THURSDAY: Drone Hack Could Pose Serious Threat
