Tag: hackers

Programming, Security, Tech

Super Mario 3: The Spicy Meatball Edition

Consider following on social media!

Quick note: if you’re viewing this via email, come to the site for better viewing. Enjoy!

This might be the new mushroom kingdom if things don’t get better with Mario.
Photo by Russell Butcher, please support by following @pexel.com

All might not be so one up in the mushroom kingdom. Gamers who love playing as the tubby loveable plumber hopping in and out of pipes might want to opt for playing his other games until the sewage clears.

In a nutshell, if you have downloaded Super Mario 3: Mario Forever then the game isn’t the only thing that might be running on your computer. We’re going to look at what kind of attack this is, who used it, the functionality and effects upon its release, and what are some ways you can prevent this from being your computer’s last one up.

Subscribe today to Scriptingthewhy or Mario will beat you with a spicy meatball!
Photo by Pixabay, please support by following @pexel.com

The Attack

One-upping everyone to speed who is unfamiliar with the loveable plumber, his brother Luigi, the Princess Peach, and everyone in the mushroom kingdom, Mario is a popular platformer game that was released in 1985 on the home console Nintendo Entertainment System or widely known as NES under the title “Super Mario Bros.”

The objective of the game was to rescue the chronically kidnapped Princess Peach from the overgrown-I-don’t-know-how-this-relationship-would-work-because-his-a-lizard-and-she’s-a-human King Bowser. Just know a long story short there are some questionable motives on all parties, but Mario goes on a massive trip to rescue her time and time again. And one of those times was the Super Mario 3: Mario Forever game.

For those who may not know, Mario Forever is a fan-made game that was released in 2003 with the old-school NES side-scrolling and art style with an updated look and some new features.

Within the Super Mario game, trojan malware has been released for unsuspecting gamers with the intent to do some mining. And before you make the joke, it’s not mining with Minecraft. Minecraft has its own problems to dig through.

We may have to take a closer look when downloading files.
Photo by cottonbro studio, please support by following @pexel.com

Who Can It Be Now

Digging through research, threat actors were discovered by Cyble—a cyber threat intelligence and research company, that has spotted threat actors distributing a slightly different sample of Super Mario 3 installer.

It has been known that threat actors frequently hide malware in-game installers and since Mario is a highly popular gaming franchise this makes the perfect attack vector for threat actors.

Just when you thought Mario couldn’t plunge himself deeper into your wallet. Thanks a lot Nintendo.

Enjoy the read so far? Why don’t you consider subscribing so you can keep up to date?

Derek: Z-Daddy, you mean like the malware piggy backs like this?
Z-Daddy: That Derek but in this version there’s two spicy meatballs.
Photo by Pexels User, please support by following @pexel.com

The Sinking Feeling

Appearances of Mario Forever, the trojan edition, have been thought to be seen circulating on gaming forums, and social media outlets, and appearing high up on search results. In this attack, there are three portions.

The first installs the Mario game and the other two secretly creep into the victim’s AppData directory during the installation. Once this process is complete, the installer fires up the XMR and the SupremeBot mining client. All the information about the victim’s machine is collected and sent to a mining server to begin the mining process.

A quick thing to note, XMR which is better known as Monero, is a mining program used by cybercriminals for crypto-jacking. In short, it makes use of the CPU (Central Processing Unit) to mine for Monero coins, the irony. The file for Monero will appear as “java.exe”. While this happens, SupremeBot, which will appear as a file named “atom.exe”, creates a copy of itself and places it in a hidden folder of the game’s installation directory.

Afterward, hiding under the name of a legitimate process, a scheduled task is created to run the copy every 15 minutes indefinitely. The first process is stopped, and the original file is deleted, this is done to avoid detection. Once that is completed, the malware sets up a connection with the C2 (Command and Control) server, here is where the collected data is transmitted, information about the client is registered, and the configuration for mining Monero is run.

SupremeBot then receives the payload from the C2 server in the form of a file named ‘wime.exe.’ This final file is called Umbral Stealer (UmS)—an information stealer programmed in C# designed to steal from infected Windows devices. All the information stored in web browsers such as, but not limited to, stored passwords, cookies, session tokens, crypto wallets, credentials, and authentication tokens for Discord, Minecraft, Roblox, and Telegram.

UmS can also create screenshots of the desktop, gain control of the webcam, and other media devices and collect local data before exiting to the C2 server. If that wasn’t enough, UmS can bypass the Windows Defender if tamper protection isn’t enabled.

If not enabled, UmS will add itself to Defender’s exclusion list, this means if it wasn’t on the welcome list before, it is now. UmS will also configure Windows host files to hinder communication with antivirus products rendering them ineffective. Just when you thought having a little security couldn’t get any smaller.

So, do I… squat to get into the pipe or…what? How do I protect Mario anyway?
Photo by cottonbro studio, please support by following @pexel.com

The Prevention

Any gamer will tell you that it’s hard to keep Mario completely safe while traversing Mushroom World on his never-ending quest to rescue Princess Peach. Many know it takes a couple of hits to cost Mario a life, but it only takes one for your computer.

A few ways to defend are downloading from official sources as third-party sources could have malware. It is best to frequently scan any downloads before running them on your computer.

Always make sure your antivirus software is up to date. If you feel as though you may have downloaded an infected version of Mario Forever, then you should scan your computer and remove anything detected.

If found, you should prioritize what is most important and change all passwords to any logins such as personal, banking, emails, and financial immediately. Keep your information safe and let Mario be the one running around in a panic.

Yea, I’ll just wait until this whole thing blows over. I’ll help Mario with his mushroom addiction later.
Photo by Anurag Sharma, please support by following @pexel.com

Made it this far and found this to be entertaining? Then a big thanks to you and please show your support by cracking a like, sharing this with whomever, scripting a comment, or plug-in to follow.

Would like to give sincere thanks to current followers and subscribers, your support and actions mean a lot and has a play in the creation of each script.

Do you feel like there is something I may have missed on Monero, SupremeBot, or Umbral Stealer? Script a comment below.

Programming, Security, Tech

Hounds & The Morris Worm

Consider following on social media!

Quick note: if you’re viewing this via email, come to the site for better viewing. Enjoy!

man in dress shirt on the phone.
What do you mean “it’s illegal to drop a toaster onto Eric head”?
It’s not a crime if it was for science.
Photo by Andrea Piacquadio, please support by following @pexel.com

Outside of the longing to conduct social experiments, a popular one is dropping a toaster atop your co-worker’s head to test gravity and ensure it still works. You could say the internet has and can take us places we never thought possible.

We can go to many locations, stay in touch with people close and far, and have the ability to get our digital hands on anything provided we have the coin. So, with all the good, what’s the bad? Well, the bad is, again being able to get your digital hands-on certain items, most of which could be questionable, if you have the coin.

I mean, it shouldn’t be that easy but here we are. One of which is someone mails you a flash drive saying “Hot Nudes, your spouse will never know. Don’t worry.” You should worry and never put the flash drive into your system because your spouse will know when the computer starts acting wonky and a virus begins to run rampant on your machine and very soon, your network. Again, five minutes of fun could have you rooted, and I’ll go over how.

dog in greyscale.
I know that I am a cute dog. I do know what you want but I want you to know something. I have a particular set of teeth; I will find you… and I will bite you.
Photo by Sedat Ozdemir, please support by following @pexel.com

Capture and Release

Have you ever watched The Simpsons and heard the famous line from Mr. Burns, “Release the hounds”? If you haven’t here’s a brief overview, Mr. Burns is mainly an evil rich guy who employs Homer and a few of his friends, and when the mood strikes, he will tell his assistant Mr. Smithers to release the hounds to chase Homer off.

So in a sense, what every corporate boss wants to do but legal reasons stop them. I use this phrase because it’s symbolic of what happens after releasing a virus or what it is actual name is a worm. Computer worms are a subset of trojan malware that can self-replicate from one computer to another and eventually spread through a network without human intervention.

The original name was The Morris Worm, named after Robert Tappan Morris. Robert being a simple student at Cornell University created this worm with the intention to gauge the size of the precursor internet of the time “ARPANET” (Advanced Research Projects Agency Network)– the first public computer network mainly used for academics and research.

However, this testing resulted in a denial-of-service (DoS) for 60,000 machines back in 1988. But the fun doesn’t stop there, the United States v. Morris 1991, resulting Morris being the first convicted under the 1986 Computer Fraud and Abuse Act having a nice price tag of three years in prison, 400 hours of community service, and finally paying a fine of $10,000. This may have you thinking twice about trying to view spicy pictures of kittens on your family computer.

man holding 2 paint brushes
I think I caught Covid from this one last time.
Photo by Andrea Piacquadio, please support by following @pexel.com

Vectors of Infection

A worm, how is it different from a virus? Worms, as mentioned earlier, tend to be able to self-replicate and spread throughout linked computers and then onto the network.

Viruses, on the other hand, tend to be attached to files or programs and hide until transferred elsewhere unknowingly. So if you wanted this in nightclub terms, worms are crabs and viruses are herpes.

Some of the vectors used for infection are emails, file sharing, instant messaging, smartphones, flash drives, and if it’s connected to the internet in some fashion, game over man could be heard from everyone on your contact list and pretty much around the world. The six degrees of separation would no longer exist if a worm were never quarantined and dealt with.  

Enjoy the read so far? Why don’t you consider subscribing so you can keep up to date?

person in medieval armor
She said bring protection…girl just you wait. I got all the protection.
Photo by PhotoMIX Company, please support by following @pexel.com

Keeping safe via Updates

So, how would you be able to tell if you have a computer worm running around making its wormy babies on your PC (Personal Computer)? Some signs are files making like a deadbeat parent and just disappearing (I’m not going to single out deadbeat fathers, there are deadbeat mothers too).

Your computer begins to run slower close to sluggish, this could be caused by the worm taking up memory as it spreads leading to a large amount of free space being taken up. So at this point, you may be thinking “Wow this suck, I want to see spicy pictures of kittens, but I don’t want crabs.”

Well, you’re in luck, and don’t let your spouse know that Z-Daddy told you this. Some ways to prevent catching a worm or “crabs”, Deadliest Catch, staying away from downloading from unknown sources, verifying with your contacts if something is sent from them, keeping the operating system up to date, and having antivirus software and making sure that’s up to date as well.

Morris may have created a monster that caused a decent amount of chaos and was the first person to get freshly smacked with the Computer Fraud and Abuse Act (CFAA) but went on to cofound the online store Viaweb and later funded firm Y Combinator. So every cloud has a silver lining.

Mark: So what I got from this script is that I can create a virus open my own business.
Tina: That’s not what he meant Mark, stop skimming and actually read.
Photo by Anna Shvets, please support by following @pexel.com

Made it this far and found this to be entertaining? Then a big thanks to you and please show your support by cracking a like, sharing this with whomever, scripting a comment, or plug-in to follow.

Would like to give sincere thanks to current followers and subscribers, your support and actions mean a lot and has a play in the creation of each script.

Figure there’s some information I missed on computer worms. Scripted a comment below.

Security, Tech

Being on the grid made easy.

Consider following on social media!

Quick note: if you’re viewing this via email, come to the site for better viewing. Enjoy!

Hmmp, funny thought.
Photo by Pixabay, please support by following @pexel.com

You know, there is always something you could learn on the internet. If you’re interested in getting better at math, you can learn how to do equations better, if you’re interested in learning another language, you can find courses online (or people in real life) and learn. And if you’re interested in finding out if your supervisor has an O.F. page so you can later use it for blackmail, there’s sure a place for that as well.

Well, not so much the last point since all you would have to do is a quick search– however, we’re not here to tell you how to ruin others, you’re an adult (we hope), so do your research. To the point, there has been a term making its rounds in the cybersecurity realm which at first glance may seem like a good idea but upon closer examination, it may have you saying “Oh, dear”.

Wait, I can get better at math?
Photo by Andrea Piacquadio, please support by following @pexel.com

The Attack

So, what is this term that was been square dancing all over the internet and two-stepping into the organization’s heart of fear? Look no further than LOTL. At first glance, you wouldn’t be wrong for thinking it breaks down to Lot Lizard, however, you’re wrong. And if you don’t know what they are, again, you’re an adult (we hope), do your research. If you don’t feel like doing your research, we’ll give you a hint. They have been known to be a fun bunch and have nothing to do with lizards. Unless you’re talking about the lizard part of the brain, then they may have found a cleverly way to incorporate fun time with science. Meh, who knows?

Humans have lizard parts in their brains? Who knew?
Photo by Robert Nagy, please support by following @pexel.com

Who Can It Be Now

LOTL is “Living off the land”, this is a form of cyber-attack where the threat actor carries out malicious activities using legitimate IT admin tools. This goes along with using RAT (Remote Access Tools), the end goal is to get into the system or network and escalate their user privileges. Why would someone want to increase their user privileges, we can hear you ask. Well, the answer is simple, anything you can do, they can do as well, if not, better.

Enjoy the read so far? Why don’t you consider subscribing so you can keep up to date?

Yes, your browser history is most interesting.
Photo by Mikhail Nilov, please support by following @pexel.com

That Sinking Feeling

You might be wondering, how is something like this done. There are many ways this is executed but for the most part, it comes from an insider threat. Insider threat actors have knowledge about the organization they work for and already are trusted members, with these two factors make them the prime candidates for wreaking havoc.

Blamed for something I didn’t do. I can’t possibly see why I would be disgruntled.
Photo by Yan Krukau, please support by following @pexel.com

The Prevention

So, you’re a big company and you’re looking to protect yourself from insider threats. How can you protect yourself? The answer is simple, pay the people who work for you well, and you won’t have any problems. Obviously, we can hear you chuckling under your breath, yes, we know that’s not going to happen. Jokes aside, you can’t protect yourself 100% since you’re always going to have something that someone else or an organization wants. These threat actors could be hired by your competitors to sabotage or steal valuables from you. The best thing to do is to have training for employees in common cybersecurity issues and how to handle them and be vigilant when in the presence of odd behavior from others. This includes finding out that Bob from accounting has been living in the storage closet for about three weeks now, it’s understandable his wife kicked him out and he has nowhere to go, but this does classify as suspicious insider threat behavior and needs to be reported.

Yeah, I came up with these numbers while in the storage closet. I do my best work there.
Photo by Kampus Production, please support by following @pexel.com

Made it this far and found this to be entertaining? Then a big thanks to you and please show your support by cracking a like, sharing this with whomever, scripting a comment, or plug-in to follow.

Would like to give sincere thanks to current followers and subscribers, your support and actions mean a lot and has a play in the creation of each script.

Do you feel like there is something I may have missed on LOTL? Script a comment below.