the user’s credit card information.

Super Mario Run is a mobile game that Nintendo first released on the iOS platform in September 2016, followed by the Android version on March 23, 2017.

Mobile games have always proven to be attractive lures for cybercriminals to get users to download their malicious apps and potentially unwanted apps (PUAs). This is not the first time that the name of a popular game was abused; we’ve discussed how the popularity of Pokémon Go was similarly abused. Based on feedback from the Smart Protection Network™, we saw more than 400 of these apps in the first three months of 2017 alone. In the same time frame, we saw 34 fake apps explicitly named “Super Mario Run”; it’s a noteworthy trend, as we saw the first of these only in December 2016. In this post we’ll discuss the behavior of a new credit card stealing variant named “Fobus” (detected as ANDROIDOS_FOBUS.OPSF).

Cybercriminals frequently take advantage of popular and hotly anticipated titles to push their own malicious apps. These are usually distributed via third-party app stores. Some users may utilize such app stores to download “unreleased” versions of legitimate apps, or to obtain apps for free. These apps are illegitimate in the first place, and the risks to end users are quite high. We strongly advise that users download and install apps only from legitimate app stores such as Google Play or a trusted third-party app store.

In other cases, an attacker may even provide a fake app store that resembles Google Play. Alternatively, a message supposedly from a friend sent via social media may lead to a malicious app. Disabling the “Allow installation of apps from unknown sources” setting prevents apps inadvertently downloaded in these ways from being installed. By default, this setting is set to off.
Only turn it on if you know you are installing an app from a trusted third-party app store.

To carry out malicious behavior such as installing other apps on the user’s device without any user input and consent, or hiding icons and processes, an app needs device administrator privileges. Legitimate apps seldom require these; users should double check whenever an app asks for them. This is particularly true of games, which do not require device administrator privileges. A “game” asking for these privileges is likely to be malicious or a PUA.

Trend Micro solutions

Users should only install apps from Google Play or trusted third-party app stores and use mobile security solutions such as Trend Micro™ Mobile Security to block threats from app stores before they can be installed and cause damage to your device or data.

Enterprise users should consider a solution like Trend Micro™ Mobile Security for Enterprise. This includes device management, data protection, application management, compliance management, configuration provisioning, and other features so employers can balance privacy and security with the flexibility and added productivity of BYOD programs.
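
The advice above to double check any “game” that asks for device administrator privileges can be applied before installation by inspecting the app’s manifest. The following is an added example, not code from the original post or from Trend Micro; it assumes the manifest has already been decoded to text XML (for instance with apktool), and the function names and both sample manifests are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
ADMIN_PERMISSION = "android.permission.BIND_DEVICE_ADMIN"
ADMIN_ACTION = "android.app.action.DEVICE_ADMIN_ENABLED"
INSTALLER_PERMISSIONS = {
    "android.permission.INSTALL_PACKAGES",
    "android.permission.REQUEST_INSTALL_PACKAGES",
}

def device_admin_receivers(manifest_xml):
    """Names of <receiver> components that can be activated as device administrators."""
    names = []
    for receiver in ET.fromstring(manifest_xml).iter("receiver"):
        actions = {a.get(ANDROID + "name") for a in receiver.iter("action")}
        if receiver.get(ANDROID + "permission") == ADMIN_PERMISSION or ADMIN_ACTION in actions:
            names.append(receiver.get(ANDROID + "name"))
    return names

def triage(manifest_xml, presented_as_game):
    """Return review findings for one app; an empty list means nothing was flagged."""
    findings = []
    admins = device_admin_receivers(manifest_xml)
    if admins:
        prefix = "game requests device administrator" if presented_as_game else "device administrator requested"
        findings.append(f"{prefix}: {', '.join(admins)}")
    root = ET.fromstring(manifest_xml)
    requested = {p.get(ANDROID + "name") for p in root.iter("uses-permission")}
    for perm in sorted(requested & INSTALLER_PERMISSIONS):
        findings.append(f"can install other packages: {perm}")
    return findings

# Constructed sample manifests (hypothetical, not taken from any real app).
SUSPICIOUS = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.fakegame">
  <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
  <application android:label="Example Run">
    <receiver android:name=".AdminReceiver" android:permission="android.permission.BIND_DEVICE_ADMIN">
      <meta-data android:name="android.app.device_admin" android:resource="@xml/admin"/>
      <intent-filter><action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/></intent-filter>
    </receiver>
  </application>
</manifest>"""
CLEAN = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.puzzle">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Example Puzzle"/>
</manifest>"""

if __name__ == "__main__":
    for name, xml in (("suspicious", SUSPICIOUS), ("clean", CLEAN)):
        print(name, triage(xml, presented_as_game=True))
```

A finding here is a prompt for manual review rather than a verdict, since the manifest only shows what an app is able to request.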