Once downloaded and extracted on a user's PC, the archive contains three executables: one that installs the actual game, plus two others, "java.exe" and "atom.exe." These other executables are installed in the user's AppData directory without their knowledge.

Once installed, the first executable uses the infected PC's resources to mine for Monero, while the other, called "SupremeBot," is used to download an additional payload called "winme.exe" from a command and control (C&C) server controlled by the hackers behind this campaign. This additional payload is even more dangerous, as it contains the Umbral Stealer, an info-stealing malware capable of stealing passwords and cookies containing session tokens from your browser.