Did you know The NoxPlayer Android emulator is observed to be attacked by malware, inserted by a hacker group
One of the most popular Android emulator is discovered to contain multiple malware strains, say the security researchers. Reports suggest that the malware group intended to specifically target the Asian community; rather than infecting as many devices it could contaminate; with the virus. To let you know: Android emulator has all the specifications and features like an Android mobile, which allows you to simulate the Android devices on your computer. It also enables you to test your application on several devices and Android API devices, even if you don’t have each physical device.
ESET is an independent security organization that was the first one to identify the issue on 25th January; last week. According to the company, the pieces of evidence based on its research indicate that one of the company’s official API (api.bignox.com) and file hosting servers (res06.bignox.com) was part of the threat actor. For delivering malware to NoxPlayer users; the hacker used this access to attack the download URL of NoxyPlayer in the API server to transfer the virus. The group is known to be called “NightScout.”
The unaware users when downloaded an update on NoxyPlayer, they were unconscious about this that they were downloading several malware strains scrutiny related proficiencies. Without being able to know the first one; the security police were successful in finding out that the second one was the alternative of the Ghost Remote Access Trojan (RAT). The group was deceitful enough to use their own fundaments to deliver a second-stage payload, the Poisonlvy RAT; rather than making use of compromised NoxPlayer updates.
The interesting news is that Nightscout only attacked five of the NoxPlayer users- who were from Sri Lanka, Taiwan, and Hong Kong. This remains a mystery that what was the purpose of the group behind targeting a gaming community as targeted cyberattacks are unusual and are often used to attack government officials or noteworthy businessmen. Reports inform that the spyware group has had access to the BigNox servers since September 2020.
ESET released a report this week, which included technical details for NoxPlayers to confirm if they have received a malware-free update and also included the directions for how to remove the malware. After being faced with this mishap; the spokesperson at BigNox failed to return a request for comment. ESET discovered that this was the third supply chain attack detected over the past two months. The first one was Mongolian government agencies that used software; it was the case of Able Desktop. The second case was that of VGCA which was by the official certificate authority of the Vietnamese government.
Leave a Reply