May 12, 2023 - Technology

Exclusive: Malware targeting "Super Mario Bros." movie

Illustration of a cardboard moving box as a Mario-style mystery box.

Shoshana Gordon/Axios

Malicious hackers are embedding malware into illegal downloads of the "The Super Mario Bros. Movie," researchers at ReasonLabs have found.

Driving the news: ReasonLabs published a report today, first shared with Axios, detailing how a Trojan virus is infecting people looking for a free way to watch the smash hit movie.

  • Attackers were first spotted targeting "The Super Mario Bros. Movie" on April 30, right after the full movie was leaked — and then taken down — on Twitter.

The big picture: Researchers said in the report that they've seen this exact virus used more than 150,000 times before to target other rip-offs of trending movies and software products.

  • "Outside of ReasonLabs users, there are seemingly millions of affected users around the world," the report says.

How it works: Users will download files thinking they've scored a free, illegal copy of the movie.

  • But instead, inside the download folder are files that will install a malicious web extension onto someone's browser once the browser is opened again.
  • The browser extension then hijacks the browser's search function to look for sensitive financial data and other information stored in the browser, like user passwords.

The intrigue: The browser extension appears to be targeting the Google Chrome web browser, based on the researchers' findings.

  • Because the browser extension was downloaded locally onto the user's computer, it can't be removed using the tools in the Chrome Web Store — limiting Google's ability to help users.

Yes, but: Attackers have been embedding malware into illegal movie and music downloads for decades (remember Limewire?).

  • It's unclear how much longer people will be interested in finding free ways to watch "The Super Mario Bros. Movie" once it makes its streaming debut.
Go deeper