The victims are then tricked into updating the application in order to download the malware. On launching the application, a message is shown to the victims prompting the update to install the malicious application. The report notes the attackers use NoxPlayer’s update mechanism as the initial attack vector. "We have also offered our support to help them past the disclosure in case they decide to conduct an internal investigation." Attack Tactics "We have contacted BigNox about the intrusion, and they denied being affected," according to ESET. But the potential to do a great deal more damage remains. In this case, when NoxPlayer customers updated the software, the malicious application delivered three malware variants with surveillance capabilities, the report notes (see: SolarWinds Hackers Cast a Wide Net).ĮSET estimates that so far only five NoxPlayer customers, based in Taiwan, Hong Kong and Sri Lanka, have been infected by the malware out of an estimated 100,000 NoxPlayer users worldwide. The campaign functioned like the SolarWinds attack, which spread when the company pushed out a software update. The supply chain attack involves hackers compromising BigNox's product called NoxPlayer, which is used by gamers to play mobile games on their computers. See Also: OnDemand | Understanding Human Behavior: Tackling Retail's ATO & Fraud Prevention ChallengeĮSET notes the campaign has been ongoing since September 2020 and has targeted customers of BigNox, a Hong Kong-based Android emulator software developer. Supply-chain attacks will continue to be a common compromise vector leveraged by cyber-espionage groups, and its complexity may impact the discovery and mitigation of these type of incidents,” ESET noted.A cyberespionage campaign is targeting game developers in Asia using an infected Android emulator app as part of a supply chain attack, a report issued this week by security firm ESET finds. “The supply-chain compromise involved in Operation NightScout is particularly interesting due to the targeted vertical, as we rarely encounter many cyberespionage operations targeting online gamers. The other two malware strains included a variant of the Ghost RAT with keylogger capabilities, and a variant of the PoisonIvy RAT. One was a previously unreported malware, not extremely complex, but capable of monitoring victims. The researchers identified three malware families delivered via this supply-chain attack. The malicious updates were sent to victims in September 2020, with additional payloads downloaded from attacker-controlled infrastructure at the end of 2020 and in early 2021. These users were based in Taiwan, Hong Kong and Sri Lanka, and researchers were unable to find connections between the victims.īased on its findings the security firm believes that the purpose of this campaign is cyber espionage, not financial gain. The researchers said that they informed BigNox of a security breach, but the company denied it was hacked.ĮSET telemetry showed that more than 100,000 of users had Noxplayer installed on their machines, however, only five of them received a malicious update. The attackers then tampered with the URL field, provided in the reply from the BigNox API, in order to deliver malware-laced updates to users. The campaign was discovered on January 25, 2021, and targeted BigNox, a Hong Kong-based company behind NoxPlayer, which claims to have more than 150 million users worldwide, most of them located in Asia.Īccording to ESET, the malicious actor compromised one of the company's official API () and file-hosting servers (). The server infrastructure of a popular Android emulator was allegedly compromised in a cyber espionage campaign that targeted online gamers in Asia, with only a handful of selected victims receiving malware.ĭubbed “Operation NightScout” by ESET researchers, the highly-targeted supply-chain attack involved compromised update mechanism of NoxPlayer, an Android emulator for PCs and Macs, used by gamers in order to play mobile games from their computers.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |