Beware: Android Super Mario Run is Actually Malware; Don’t Download It

Cyber criminals are taking advantage of the newly released Super Mario Run gaming app on iOS.

The Super Mario game is loved by all: elders, adults and young ones alike. The game has been released on iOS but not yet on Android. Android device owners have been waiting anxiously for the game to be released so that they can enjoy it on the go. Android users are in abundance all over the world, and Super Mario is popular across borders. It therefore isn’t surprising that when users found out that an Android version of the game was available, they were quick to download it.

Much to their dismay, the Android version of Super Mario, which is available on third-party Android app stores, is actually a phony app that contains malware. There isn’t just one; various such apps are floating around unreliable app stores. One of the apps is named Super Mario; it obtains complete control of the device after asking for privileges to edit, read and receive/send text messages, and goes as far as capturing images and videos and using the phone’s GPS to track your location.

The news was broken by Trend Micro, an IT security firm based in Tokyo, which said that its security research team discovered malicious Super Mario game apps around 90,000 times in 2016. The company maintains that such phony Super Mario game apps have been around since 2012 but, because of the news that the Android version of the game will be released sometime in 2017, the frequency and number of these malicious apps have doubled.

Here’s the percentage of users who have downloaded fake Super Mario game apps on their Android devices:

Indonesia 41%, India 33%, Mexico 8%, Japan 4%, Philippines 3%, United States 2% and others 9%.

The app mentioned above is one of the infected apps that ask users to install an update titled 9Apps, which requests additional rights such as recording audio, accessing the SD card and changing calendar entries.

This particular app also offers an imitation of the real NES Super Mario Bros. game. However, according to the analysis of Super Mario, the app also displays “unnecessary icons, pop-ups, banner ads [and] installs other apps and performs other intrusive activities without any input from the user.”

If you click on any of the displayed ads, the app will redirect you to other malicious web pages or adult websites, which will try to install other apps on your device. Needless to say, these new apps will be loaded with other malware, which will then request administrative privileges on your device.

It is recommended that you avoid downloading any app from third-party stores and rely only on official stores such as the Google Play Store. Also, on your Android device, go to Settings and uncheck the “Unknown Sources” box if it is turned on.
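The permission requests described above can be checked before an APK is ever installed. The following is an added example, not code from Trend Micro or from the original article: it parses the output of `aapt dump permissions <file>.apk` (aapt ships with the Android SDK build tools) and flags permissions a platform game has no reason to request. The mapping from the article’s wording to Android permission names is an assumption, and the sample output is constructed.

```python
import re

# Assumption: Android permission names matching the capabilities the article
# describes; the article itself does not list manifest entries.
RISKY_FOR_A_GAME = {
    "android.permission.READ_SMS": "read text messages",
    "android.permission.WRITE_SMS": "edit text messages",
    "android.permission.SEND_SMS": "send text messages",
    "android.permission.RECEIVE_SMS": "receive text messages",
    "android.permission.CAMERA": "capture images and videos",
    "android.permission.ACCESS_FINE_LOCATION": "GPS location tracking",
    "android.permission.RECORD_AUDIO": "record audio",
    "android.permission.WRITE_EXTERNAL_STORAGE": "SD-card access",
    "android.permission.WRITE_CALENDAR": "change calendar entries",
}

# Accepts `uses-permission: name='X'` (newer aapt), `uses-permission: X`
# (older aapt) and the `uses-permission-sdk-23:` variant.
PERM_LINE = re.compile(r"^uses-permission(?:-sdk-\d+)?:\s*(?:name=)?'?([\w.]+)'?")

def requested_permissions(aapt_output):
    """Return the de-duplicated permission names, in order of appearance."""
    perms = []
    for line in aapt_output.splitlines():
        m = PERM_LINE.match(line.strip())
        if m and m.group(1) not in perms:
            perms.append(m.group(1))
    return perms

def audit(aapt_output):
    """Return (permission, capability) pairs that a game should not need."""
    return [(p, RISKY_FOR_A_GAME[p])
            for p in requested_permissions(aapt_output)
            if p in RISKY_FOR_A_GAME]

# Constructed sample output, not taken from a real APK.
SAMPLE = """\
package: com.example.fakegame
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.SEND_SMS'
uses-permission: name='android.permission.READ_SMS'
uses-permission: android.permission.CAMERA
uses-permission: name='android.permission.ACCESS_FINE_LOCATION'
uses-permission-sdk-23: name='android.permission.RECORD_AUDIO'
"""

if __name__ == "__main__":
    for perm, why in audit(SAMPLE):
        print(f"FLAG {perm}: {why}")
```

A clean result does not prove an app is safe; the check only surfaces permission requests that do not fit what the app claims to be.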

Remember, this is not the first time cyber criminals have used a famous gaming app to infect uninformed users. Just a few months ago, the Pokémon Go app was also used to infect those looking for its Android version days before its official release on the Google Play Store.

The same Pokémon Go app was also used by cyber criminals to conduct ransomware as well as other scams, allowing attackers to gain full access to an infected device through a remote access tool (RAT).

Written by Waqas

Waqas Amir is a Milan-based cybersecurity journalist with a passion for covering latest happenings in cyber security and tech world. In addition to being the founder of this website, Waqas is also into gaming, reading and investigative journalism.