Cybercriminals are taking advantage of Android users who are desperate to play Nintendo’s wildly popular Super Mario Run mobile game, in order to spread the notorious Marcher banking Trojan malware.
Nintendo’s iconic plumber made his much anticipated debut on mobile devices in December and is currently exclusive to Apple iOS users, who can download the game via the App Store.
But some desperate users are looking for ways to gain access to it on Android by attempting to download versions from third-party websites. And, much like they did when Android users wanted to download Pokemon Go before it was available, attackers are actively looking to exploit that demand by tricking users into downloading the bank information stealing Marcher Trojan.
Cybersecurity researchers at Zscaler have warned that the Trojan is disguising itself as Super Mario Run in a new effort to steal financial account details and credit card numbers from those most desperate to download the game on Android by bypassing the official Google Play store.
From fake websites advertising the availability of an Android version of Super Mario Run, users are invited to download a phony version of the app, which demands the user grant it various permissions including administrative rights to the device.
Submitted by: Arnfried Walbrecht