Three variants

A total of three different malicious update variants have been observed. In some cases, additional payloads were downloaded by the BigNox updater from attacker-controlled servers. On launch, if Nox Player detects a newer version of the software, it will prompt the user with a message offering the option to install it, thus delivering the malware.

According to Sanmillan, they have sufficient evidence to state that BigNox's infrastructure had been compromised to host malware and also to suggest that their API infrastructure could have been compromised. In this supply-chain attack, the Nox Player update mechanism serves as the vector of compromise. Based on the compromised software in question and the delivered malware exhibiting surveillance capabilities, researchers believe this may indicate the intent of intelligence collection on targets involved in the gaming community, Sanmillan said.

A compromised developer

ESET researchers have identified only several victims to date, all based in Taiwan, Hong Kong and Sri Lanka. The incident was then reported to BigNox, the Hong Kong-based company that developed Nox Player, according to ESET researcher Ignacio Sanmillan. Activity then continued until researchers uncovered explicitly malicious activity this week in 2021. The firm's telemetry data indicated the first indicators of compromise in September 2020. The app's update mechanism has been hacked to distribute the malware to selected victims in Asia.

Cybersecurity investigators from ESET, who announced this campaign, have not discovered any financial gain motive, but rather have concluded that the malware was designed for cyber espionage. Nox Player, an Android emulator for PCs and Macs, has been found to be the recent target of hackers behind three different malware families. An infected update mechanism has been found to install cyber espionage capabilities to track gamers in Asia.