Three families of malware were observed being distributed to selected victims through malicious updates. Using the access they had obtained, the hackers “worked” with the URL address used to download the updates and, as a result, distributed malware among NoxPlayer users. The researchers write that they discovered an attack targeting BigNox on January 25, 2021.

According to them, the attackers compromised one of the company’s official APIs (), as well as file hosting servers (). The emulator is developed by the Hong Kong company BigNox and is used by more than 150,000,000 users in 150 countries. NoxPlayer is free and designed to emulate Android applications on Windows or macOS computers.

* * *

ESET experts discovered a supply-chain attack in which an unknown hack group compromised the developers of the popular Android emulator NoxPlayer and infected it with malware. The GridinSoft Blog is not responsible for the accuracy of the information provided by BigNox. Currently, users are advised not to update to the new version of NoxPlayer, or to completely remove this software from their devices.

UPDATE: BigNox contacted us and said that they “contacted cybersecurity firm ESET to determine the root cause of the issue,” and at this point “fixed all issues.”

ESET has released an update to the article stating that hackers have infected the Android NoxPlayer emulator with malware, and we are also adding the following information: “BigNox stated that they sent the latest files to the update server for NoxPlayer and that when launching NoxPlayer now will start a scan of application files previously installed on users’ computers.” It can be concluded that this is a clearly targeted attack, targeting only a certain class of users.

ESET said that at the present time the NoxPlayer update containing the malware was only distributed to five victims in Taiwan, Hong Kong and Sri Lanka.

ESET reported the details of the attack to BigNox, but BigNox denied that they were hacked.
ESET says hackers do not attack all users, but only target a few specific devices. There is evidence that BigNox's servers have been compromised since around September 2020. They can only be used for espionage or data collection purposes," ESET said. There is no indication that hackers are interested in financial interests, so this attack has. "Three different families of malware were spread with fake updates targeting victims in Asia. With this access, the hacker forged the URL to download the NoxPlayer updates on the API server to spread the malicious code onto the victims' computers. Based on the evidence gathered, ESET said the hacker group has hacked into the official API and file-hosting servers of BigNox, the company that develops NoxPlayer. This attack was discovered by security firm ESET on January 25th. From here, the cyber criminals have spread malicious code to a series of victims in Asia. At present, to limit attacks by the malware, users should not update NoxPlayer software to the latest version.

A mysterious group of hackers has just attacked the server infrastructure of the Android emulator NoxPlayer software. In case you have just updated the NoxPlayer software, you should uninstall it and wait until there is a new notification from BigNox.

ESET statistics show that this offensive campaign is aimed at users living in Taiwan, Hong Kong and Sri Lanka. Researchers suggest that users check whether any processes are running in the background and connecting over the network to the C&C server. Immediately after detecting the attack, ESET contacted BigNox; the company denied being affected, declined offers of assistance and decided to conduct an internal investigation. Researchers uncovered three different types of malware in the NoxPlayer update; however, they are designed primarily to monitor users, not to steal money.
NoxPlayer was developed by BigNox (a company based in Hong Kong). This software is often used by gamers to run mobile games on a computer.