A mysterious hacking group compromised the server infrastructure of a popular Android emulator and delivered malware to a handful of victims across Asia in a highly targeted supply chain attack.

The attack was discovered by Slovak security firm ESET on January 25 last week and targeted BigNox, a company that makes NoxPlayer, a software client for emulating Android apps on Windows or macOS desktops.

ESET claims that, based on the evidence gathered by its researchers, a threat actor compromised one of the company’s official API servers ( ) and one of its file hosting servers ( ).

Using this access, the hackers altered the NoxPlayer update download URL served by the API server so that it delivered malware to NoxPlayer users.

“Three different malware families have been spotted being distributed from personalized malicious updates to selected victims, with no signs of leveraging financial gain, but rather monitoring capabilities,” ESET said in a report shared today with ZDNet.

Despite evidence suggesting that the attackers had had access to BigNox servers since at least September 2020, ESET said the threat actor did not target all of the company’s users but instead focused on specific machines, suggesting a very targeted attack seeking to infect only a certain class of users.

So far, and based on its own telemetry, ESET said it has spotted NoxPlayer updates containing malware delivered to just five victims, located in Taiwan, Hong Kong and Sri Lanka.

ESET today released a report containing technical details for NoxPlayer users to determine whether they have received an update containing malware and how to remove it.

ESET said BigNox denied being hacked last week. After this article was posted online, a BigNox spokesperson told ZDNet in an email that it has now engaged with ESET to further investigate the breach.

“We rule out the possibility that this transaction was the product of a financially motivated group,” an ESET spokesperson told ZDNet today by email. “We are still investigating, but we have found tangible correlations with a group we internally call Stellera, which we will report on in the near future.”

These correlations refer to the three strains of malware deployed via the malicious NoxPlayer updates, which ESET said contained “similarities” to other malware strains used in a supply chain compromise of a Myanmar Presidential Office website in 2018 and in early 2020 during an intrusion into a university in Hong Kong.

This incident is also the third supply chain attack discovered by ESET in the past two months. The first was the case of Able Desktop, software used by many Mongolian government agencies. The second was the case of VGCA, the official certification authority of the Vietnamese government.

When unsuspecting NoxPlayer users downloaded an update, they were unknowingly downloading multiple malware strains with surveillance-related capabilities. The first had not been documented before, while the second was a variant of the Gh0st remote access trojan (RAT). NightScout also delivered a second-stage payload, the PoisonIvy RAT, but from its own infrastructure rather than through compromised NoxPlayer updates.

Although targeted cyberattacks are not unusual, they are more commonly used against government officials or high-profile businessmen. Interestingly, it appears that NightScout infected only five NoxPlayer users with a malicious update, based in Taiwan, Hong Kong and Sri Lanka.
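The weak point described above is an update API whose response, including the download URL, the client trusted as-is. As an added illustration (not BigNox’s or ESET’s code; the host names, manifest format and signing key are constructed for the example), this Go update-client check refuses such a redirected or swapped update by verifying a vendor-signed manifest against a pinned key, allowlisting the download host, and checking the installer digest:

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"net/url"
)

// Manifest is the update descriptor the API returns: installer URL and hex SHA-256
// of the installer bytes. The vendor signs it offline, so a relaying server cannot forge one.
type Manifest struct{ URL, SHA256 string }

func (m Manifest) signingInput() []byte { return []byte(m.URL + "\n" + m.SHA256) }
func digest(b []byte) string        { s := sha256.Sum256(b); return hex.EncodeToString(s[:]) }

// allowedHosts is a hypothetical allowlist of vendor download hosts.
var allowedHosts = map[string]bool{"updates.example-vendor.test": true}

// VerifyUpdate accepts an update only if the manifest signature verifies with the
// pinned key, the host is allowlisted over https, and the bytes match the digest.
func VerifyUpdate(pub ed25519.PublicKey, m Manifest, sig, payload []byte) error {
	if !ed25519.Verify(pub, m.signingInput(), sig) {
		return errors.New("manifest signature invalid")
	}
	u, err := url.Parse(m.URL)
	if err != nil || u.Scheme != "https" || !allowedHosts[u.Hostname()] {
		return errors.New("download URL not on an allowlisted https host")
	}
	if digest(payload) != m.SHA256 {
		return errors.New("installer digest mismatch")
	}
	return nil
}

// Demo signs a constructed manifest, then replays it the way a compromised API
// server would: URL pointed at another host, or payload swapped under a valid URL.
func Demo() (genuine, urlSwapped, payloadSwapped bool) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // stands in for the vendor's pinned key
	installer := []byte("constructed installer bytes")
	m := Manifest{URL: "https://updates.example-vendor.test/setup.exe", SHA256: digest(installer)}
	sig := ed25519.Sign(priv, m.signingInput())
	bad := Manifest{URL: "https://attacker.invalid/setup.exe", SHA256: m.SHA256} // host changed
	return VerifyUpdate(pub, m, sig, installer) == nil,
		VerifyUpdate(pub, bad, sig, installer) == nil,
		VerifyUpdate(pub, m, sig, []byte("trojanized bytes")) == nil
}
```

Only the genuine case is accepted; the redirected URL fails the signature (and would fail the host allowlist even with a leaked key), and the swapped payload fails the digest check.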