![]() This remains a mystery that what was the purpose of the group behind targeting a gaming community as targeted cyberattacks are unusual and are often used to attack government officials or noteworthy businessmen. The interesting news is that Nightscout only attacked five of the NoxPlayer users- who were from Sri Lanka, Taiwan, and Hong Kong. The group was deceitful enough to use their own fundaments to deliver a second-stage payload, the Poisonlvy RAT rather than making use of compromised NoxPlayer updates. Without being able to know the first one the security police were successful in finding out that the second one was the alternative of the Ghost Remote Access Trojan (RAT). The unaware users when downloaded an update on NoxyPlayer, they were unconscious about this that they were downloading several malware strains scrutiny related proficiencies. The group is known to be called “NightScout.” ![]() For delivering malware to NoxPlayer users the hacker used this access to attack the download URL of NoxyPlayer in the API server to transfer the virus. According to the company, the pieces of evidence based on its research indicate that one of the company’s official API () and file hosting servers () was part of the threat actor. It also enables you to test your application on several devices and Android API devices, even if you don’t have each physical device.ĮSET is an independent security organization that was the first one to identify the issue on 25th January last week. To let you know: Android emulator has all the specifications and features like an Android mobile, which allows you to simulate the Android devices on your computer. Reports suggest that the malware group intended to specifically target the Asian community rather than infecting as many devices it could contaminate with the virus. One of the most popular Android emulator is discovered to contain multiple malware strains, say the security researchers. Therefore, so far, only five people from Taiwan, Hong Kong and Sri Lanka have been identified as affected by the infected version of NoxPlayer.Did you know The NoxPlayer Android emulator is observed to be attacked by malware, inserted by a hacker group Based on this, the experts conclude that they have discovered a narrowly targeted attack aimed at infecting a certain class of users. While analysts believe the attackers have had access to BigNox’s servers since at least September 2020, the hackers did not attack the company’s entire sizable user base, but instead focused their efforts on specific machines. The other two malware were already known to experts: they were variations of Gh0st RAT (with keylogger capabilities) and PoisonIvy RAT. A previously unknown malware that allows tracking victims and that is also capable of executing commands received from the command and control server, deleting files, downloading and uploading files, and so on. The following threats were distributed through NoxPlayer. They do not contain any indication that hackers are pursuing financial gain, but rather are intended for surveillance. It was noticed that through malicious updates, among selected victims were distributed three families of malware. Using the obtained access, the hackers “worked” with the URL address to download the updates and, as a result, distributed malware among NoxPlayer users. The researchers write that they discovered an attack targeting BigNox on January 25, 2021.Īccording to them, the attackers compromised one of the company’s official APIs (), as well as file hosting servers (). ![]() The emulator is developed by the Hong Kong company BigNox and is used by more than 150,000,000 users in 150 countries. NoxPlayer is free and designed to emulate Android applications on Windows or macOS computers. * * * ESET experts discovered an attack on the supply chain, during which an unknown hack group compromised the developers of the popular Android emulator NoxPlayer and infected it with the malware code. The GridinSoft Blog is not responsible for the accuracy of the information provided by BigNox. UPDATE: BigNox contacted us and said that they “contacted cybersecurity firm ESET to determine the root cause of the issue,” and at this point “fixed all issues.”ĮSET has released an update to the article stating that hackers have infected the android NoxPlayer emulator with malware, and we are also adding following information: “BigNox stated that they sent the latest files to the update server for NoxPlayer and that when launching NoxPlayer now will start a scan of application files previously installed on users’ computers.” ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |