Alert Priority Moderate
9 January 2017

Individuals are continuing to try to trick users into installing malicious software (malware) that steals sensitive information such as financial credentials.

A common tactic is to distribute malware under the guise of a popular online game. Security researchers have reportedly identified malware that pretends to be an Android version of the popular game Super Mario Run.

People trying to install the game instead infect their mobile device with malware known as 'Marcher' that endeavours to capture personal financial details.

This malware reportedly also forces people using infected devices to provide credit card information before they can use the Google Play app store.

This is not the only instance of a fake version of a popular game  to distribute malware. Last year a malicious version of Pokémon Go was used to install malware on Android devices to capture sensitive user information.

Staying safe

You can minimise the risk of infecting your smartphone, tablet or other device by only installing games from legitimate app stores (such as Google Play or Apple).

However, Stay Smart Online recommends that you carefully review all games and apps before you download and install, as malware-infected apps have been discovered in these stores as well.

For example, you should read reviews and ratings for any games and apps you may be considering downloading, and search online for relevant comments or other information. However, be mindful that these checks may not completely eliminate the risks involved. Also, if you are unsure why an app needs access to your contacts, calls, photos or location, see if there is a different app available that has the same functionality that you need.

You should also install and regularly update antivirus software on your smartphone or tablet.

If you have installed an unofficial version of Super Mario Run for Android, seek immediate technical advice.

More information

Stay Smart Online has information on protecting your mobile devices.