Zscaler researchers spotted cyber crooks looking to take advantage of the latest mobile gaming craze by disguising Android Marcher as Super Mario Run.
Currently, the game is only available for iOS devices and there is no word on when it will be available on the Android platform leaving fraudsters an opportunity to take advantage of eager gamers unwilling to wait, according to a Jan. 5 blog post. Like a previous version of the trojan which capitalized on the staggered release of the Pokémon Go app, the trojan attempts to trick victims with fake finance apps and by using a credit card overlay page to steal financial information.
Users may be drawn in by a fake webpage promoting the release of the game and upon installation, the trojan requests multiple permissions including for administrative rights.
Researchers suspect the malware variant is still under development as they spotted that banking overlay pages served by the C&C were not functioning properly when they first examined the post.