Malware Campaign Hides Ransomware in Super Mario Wrapper

Published: 23/11/2024   Category: security




A newly discovered malware campaign uses steganography to hide GandCrab in a seemingly innocent Mario image.



In the Mario Brothers universe, Mario is a hero, but that good guy status doesn't extend to the real world — at least not for victims of a malware campaign that wraps the GandCrab ransomware in a Mario graphic package.
Matthew Rowan, a researcher at Bromium, discovered the campaign in a malware sample he was analyzing. In his blog post detailing the discovery, he shows how threat actors hide their true intentions, why it's a very bad idea to disable software protection mechanisms, and why old encryption techniques like steganography are still useful in the modern era.
The steganography comes into play with heavily obfuscated Microsoft PowerShell commands hidden within the color channels of a picture of Mario in a particularly cool pose. Rowan notes that hiding commands in the image makes it very difficult for a firewall to pick up the threat and apply a standard filter against the malware.
The new campaign is a threat to computer users in Italy, though, like most such campaigns, it could easily be modified by a different criminal to target users in any (or every) geography. 
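For analysts triaging suspicious images, the color-channel hiding described above can be checked for statistically. The following is an added example, not code from the article or from Bromium: it rebuilds one byte per pixel from the low 4 bits of two channels and flags windows that are almost entirely printable text. The nibble layout (blue high, green low), the function names, the thresholds and the sample pixels are assumptions constructed for illustration; the article does not state the layout.

```python
import random
import string

PRINTABLE = set(string.printable.encode())

def extract_nibble_bytes(pixels, hi_channel=2, lo_channel=1):
    """Rebuild one byte per (R, G, B) pixel from the low 4 bits of two channels.
    Assumed layout: high nibble from blue, low nibble from green."""
    return bytes(((p[hi_channel] & 0x0F) << 4) | (p[lo_channel] & 0x0F)
                 for p in pixels)

def printable_ratio(data):
    """Fraction of bytes that are printable ASCII (0.0 for empty input)."""
    return sum(b in PRINTABLE for b in data) / len(data) if data else 0.0

def scan_image(pixels, window=64, threshold=0.95):
    """Return (offset, text) for the first window of rebuilt bytes that is
    almost all printable ASCII, or None. Low-order bits of ordinary image
    data look random (about 39% printable), so a long printable run is a
    strong hint that text or script is hidden there."""
    data = extract_nibble_bytes(pixels)
    for off in range(0, max(len(data) - window + 1, 1), window):
        chunk = data[off:off + window]
        if len(chunk) == window and printable_ratio(chunk) >= threshold:
            return off, chunk.decode("ascii", "replace")
    return None

def constructed_samples(seed=1, n=4096):
    """Constructed test data: a noise 'image' and a copy whose first pixels
    carry a harmless marker string in the assumed nibble layout."""
    rng = random.Random(seed)
    clean = [(rng.randrange(256), rng.randrange(256), rng.randrange(256))
             for _ in range(n)]
    marker = b"# constructed benign marker, not a real payload\n" * 4
    carrier = list(clean)
    for i, byte in enumerate(marker):
        r, g, b = carrier[i]
        carrier[i] = (r, (g & 0xF0) | (byte & 0x0F), (b & 0xF0) | (byte >> 4))
    return clean, carrier

if __name__ == "__main__":
    clean, carrier = constructed_samples()
    print("clean image  :", scan_image(clean))
    print("carrier image:", scan_image(carrier))
```

In practice the pixel tuples would come from an image decoder, and a hit is a reason to inspect the file further rather than a verdict on its own.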
