This popular Android emulator was targeted by hackers

NoxPlayer Android emulator became target

UPDATE: NoxPlayer has told us that the issue is now fixed, and that the company has upped its security protection for users.

According to ESET, the company has also pushed the latest files to the update server for NoxPlayer, and, upon startup, NoxPlayer will now run a check of the application files previously installed on users’ machines.

Security researchers have discovered multiple malware strains affecting a popular Android emulator. Rather than infect as many devices as possible, it seems that the threat actors involved were specifically targeting certain individuals within the Asian online gaming community.

“In January 2021, we discovered a new supply-chain attack compromising the update mechanism of NoxPlayer, an Android emulator for PCs and Macs, and part of BigNox’s product range with over 150 million users worldwide,” explained Ignacio Sanmillan, one of the ESET researchers that discovered the attacks. “This software is generally used by gamers in order to play mobile games from their PCs, making this incident somewhat unusual. Three different malware families were spotted being distributed from tailored malicious updates to selected victims, with no sign of leveraging any financial gain, but rather surveillance-related capabilities.”

The different malware strains were delivered by a hacker group known as “NightScout” after it managed to compromise BigNox’s storage infrastructure. The group then infiltrated BigNox’s API infrastructure to deliver its malicious payloads.

Do not update

When unsuspecting NoxPlayer users downloaded an update, they were unknowingly downloading multiple malware strains with surveillance-related capabilities.

The first has not been documented before, while the second was a variant of the Ghost remote access trojan (RAT). NightScout also delivered a second-stage payload, the PoisonIvy RAT, but from their own infrastructure rather than using compromised NoxPlayer updates.

Interestingly, it appears that NightScout only infected five NoxPlayer users, based in Taiwan, Hong Kong, and Sri Lanka, with a malicious update.

Although targeted cyberattacks are not unusual, they are more commonly used to target government officials or high-profile businessmen. It is not currently clear why NightScout conducted an espionage operation targeting the gaming community.

Via Bleeping Computer

Barclay has been writing about technology for a decade, starting out as a freelancer with ITProPortal covering everything from London’s start-up scene to comparisons of the best cloud storage services. After that, he spent some time as the managing editor of an online outlet focusing on cloud computing, furthering his interest in virtualization, Big Data, and the Internet of Things.
