IT Services Advisory: Fake Super Mario Run App Steals Your Data
Home 5 Blog 5 IT Services Advisory: Fake Super Mario Run App Steals Your Data
IT Services Advisory: Fake Super Mario Run App Steals Your Data - IntelliTeK Managed IT Services Sydney

Released in September 2016 on iOS and March 2017 on Android, Super Mario Run looked to follow in the footsteps of popular mobile games such as Pokemon Go and even Candy Crush but as with most apps nowadays attackers have released versions of these fake apps that steal the user’s credit card information.

You would be surprised how many support tickets IT services companies like us, get regarding network breaches which have originated from mobile devices. As much as we try to keep an organisations network airtight secure, there have been instances where networks have been penetrated due to user-related instances. One of the reasons is when a user downloads a ‘fake app’ and then connects their device into the organisations network where it proceeds to unleash its terror.

Mobile games have proven to be lucrative for cyber criminals as users one way or another continue to download these fake apps. Originating from third-party app stores, cyber criminals usually take advantage of popular or newly released apps which makes it more appealing for users to download. The problem with third-party app stores is that most are not regulated as the app stores on iOS, Android and Windows are. IT services recommends NOT to download apps from third-party app stores.

So let’s say you do download the Super Mario Run fake app from a third-party app store, it will look and feel exactly like the original app. As the norm, it will ask for various permissions which you usually will have to tap Yes to in order to proceed. During the installation process it will also ask for the app to have administrator privileges. After it has been successfully installed onto your device, it immediately extracts your mobile number, contact data, location and SMS messages. The main purpose of the app is to steal credit card information so when Google Play is opened the user is immediately presented with a fake Google Play payment screen. This should already begin to ring alarm bells but for those who wish to proceed by entering your credit card details, it’ll only be a matter of seconds before the cyber criminals have your data.

In other cases, clone app stores are known to be operating in the cyber world and fake ads on social media or anywhere on the internet may lead to people being redirected to fake app stores where they proceed to download fake apps. Disabling the “Allow installation of apps from unknown sources” setting prevents apps inadvertently downloaded these ways from being installed. By default, this setting is set to off. Only turn it on if you know you are installing an app from a trusted third-party app store.

Users should always check the privileges/permissions which an app is requesting. If a calculator app is requesting access to SMS messages then there is something fishy with that app and should be checked before installing. IT services recommends installing apps ONLY from the Google Play Store or the iOS/Windows equivalent. Mobile security is also a must these days to block threats from app stores before they can be installed and cause damage your device or data.

If your IT services company isn’t fully equipped to fend off cyber criminals, then get in touch with us so we can discuss your options. Call us on 1300 768 779, email us at, fill out the web form, or have a Live Chat with us below.

Book A Consult

We can accommodate a solution for your needs, to discuss your options please contact us today.

Ph: 1300 768 779