Gap
NoxPlayer is designed to run Android applications on computers running Windows and Mac operating systems.
The antivirus company ESET announced that its experts have uncovered a new supply-chain attack that targeted the update mechanism of NoxPlayer, a popular application for gamers.
NoxPlayer is developed by Hong Kong-based BigNox and is designed to run Android applications on computers running Windows and Mac operating systems. The number of users of the emulator worldwide exceeds 150 million people.
"According to ESET telemetry, the first signs of compromise were recorded in September 2020. The malicious activity continued until its discovery last week, of which BigNox was also alerted," the company quoted ESET researcher Ignacio Sanmillan as saying.
After studying the nature and consequences of the hack, the experts concluded that the attack on the supply chain was not aimed at obtaining an immediate financial benefit. The malware delivered to users is spyware and is designed to collect data about members of the gaming community. Infection is carried out through the emulator update mechanism. Malware is downloaded when the user agrees to install a new version of NoxPlayer.
ESET detected three different variants of malicious updates. Two of them were loaded from the legitimate BigNox infrastructure, including the Gh0st RAT with keylogger capabilities. The third, the PoisonIvy RAT remote access tool, was downloaded from infrastructure controlled by the attackers.
Compromised NoxPlayer users are advised to remove the emulator or perform a standard reinstall from clean media. Those who have not updated for a long time are advised by ESET employees to wait for official notification from BigNox that the threat has been eliminated.