However, ESET pointed out that the three malware strains implemented through harmful NoxPlayer updates had “similarities” with other malware strains used in a compromise on the supply chain of the Myanmar presidential office website in 2018 and early 2020 in an intrusion into a Hong Kong university. It is unclear whether the NoxPlayer compromise is the work of a state-sponsored group or a financially motivated group that seeks to compromise game developers. The second is the case of VGCA, the official certification authority of the Vietnamese government.ĮSET researchers have not officially linked the incident to a well-known hacking group. Zyxel: Backdoor account discovered in more than 100,000 Zyxel firewalls, VPN gateways ( Archive) - NoxPlayer: Hacker group inserted malware in NoxPlayer Android emulator ( Archive) - npm, PyPI, Rubygems (white-hat): Researcher hacks over 35 tech firms in novel supply chain attack. The first is the case of Able Desktop, software used by many Mongolian government agencies. This incident is also the third attack on the supply chain discovered by ESET in the last two months. To date, and based on its own telemetry, ESET has said it has noticed NoxPlayer updates related to malware delivered to only five victims, located in Taiwan, Hong Kong and Sri Lanka.ĮSET today released a report with technical details for NoxPlayers to determine if they received a malware update and how to remove the malware.Ī BigNox spokesman did not return a request for comment. “Three different families of distributed malware have been observed from malicious updates customized to selected victims, with no signs of financial gain, but rather surveillance capabilities,” ESET said in a report released today with ZDNet.ĭespite evidence suggesting that the attackers had access to BigNox’s servers since at least September 2020, ESET said the threat actor did not target all company users, but focused on specific machines, suggesting that this was a highly targeted attack that aims to infect only a certain class of users. Using this access, hackers changed the NoxPlayer update download URL to the API server to deliver malware to NoxPlayer users. The attack was discovered by Slovak security firm ESET on January 25 last week and targeted BigNox, a company that makes NoxPlayer a software client for emulating Android applications on Windows or MacOS desktops.ĮSET says that, based on evidence gathered by its researchers, a threatening actor compromised one of the company’s official APIs ( ) and file hosting servers ( ). A mysterious hacking group has compromised the server infrastructure of a popular Android emulator and delivered malware to a handful of Asian victims in a highly targeted supply chain attack.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |