Malware attempts to steal financial info from Android phones
Super Mario Run is projected to launch in the Google Play Store in the coming weeks, after previously going live on iOS on December 15, and cybercriminals are trying to benefit from the excitement generated by Nintendo’s new title using a new wave of malware. Security company zscaler warns that malware disguised as Super Mario Run for Android is now spreading across the Internet, with users encouraged to download APKs that eventually infect devices and attempt to steal financial information.
Specifically, the malicious Super Mario Run for Android package is infected with the Android Marcher Trojan, which now comes disguised as Nintendo’s game, but features a similar behavior to what we’ve seen in the past.
Once it infects an Android device, it opens an overlay that requires users to enter their financial details whenever mobile banking apps are launched, and collected data is then saved and submitted to a command and control center owned by the attacker.
In most of the cases, the Google Play Store can no longer launch as users are provided with the same overlay asking for financial details.
“In previous variants of Marcher, we observed this malware family targeting well-known Australian, UK, and French banks. The current version is targeting account management apps as well as well-known banks,” zscaler says.
How to remain secure
First and foremost, the one thing that you should do is to never download APK files from sources that you don’t trust. Super Mario Run is not yet available for download on Android, but a listing has already been placed in the Google Play Store, so you can keep an eye on it to find out when it goes live.Softpedia has an always-growing database of APK files that is 100 percent secure as all files are scanned for malware, and this is a good place to start when looking for apps and games outside the Google Play Store.
Additionally, never, but never, provide your financial details in an overlay when launching mobile banking apps. This is pretty much the first sign that your device has been infected. In case you do that, contact your bank to take appropriate action.
Also, keep an eye on the permissions apps require when installing them on your device. In the case of the fake Super Marion Run app for Android, it wants administrative rights as well to modify system settings, a thing that you wouldn’t normally expect from a game.
For what it’s worth, here are the details of the fake Super Mario Run APK file should you want to make sure that your download is real (obviously, when it becomes available):
Name : Super Mario Run
Package Name : uiq.pizfbwzbvxmtkmtbhnijdsrhdixqwd
MD5 : d332560f1fc3e6dc58d94d6fa0dab748
Detections : 12/55(at time of analysis)
Package Name : uiq.pizfbwzbvxmtkmtbhnijdsrhdixqwd
MD5 : d332560f1fc3e6dc58d94d6fa0dab748
Detections : 12/55(at time of analysis)