Quote:Researchers allege, attackers have compromised the update mechanism of NoxPlayer, which is software that allows gamers to run Android apps on their PCs or Macs. They then installed malware onto victims’ devices with surveillance-related capabilities.
NoxPlayer is developed by BigNox, which is a China-based company that claims that it has over 150 million users worldwide (notably, however, BigNox users are predominantly in Asian countries). When contacted by researchers, BigNox denied being affected by the attack. Threatpost has reached out to BigNox for further comment.
“We have contacted BigNox about the intrusion, and they denied being affected,” said Ignacio Sanmillan, malware researcher with ESET, on Monday. “We have also offered our support to help them past the disclosure in case they decide to conduct an internal investigation.”
On the heels of the alleged attack, which occurred January 2021, three different malware families have been deployed – reportedly from tailored, malicious updates – to a very select set of victims. Researchers said, out of more than the 100,000 users in their telemetry that have Noxplayer installed on their machines, only five users received a malicious update, showing the attack is a “highly targeted operation.” These victims are based in Taiwan, Hong Kong and Sri Lanka.
“We were unsuccessful finding correlations that would suggest any relationships among victims,” said Sanmillan. “However, based on the compromised software in question and the delivered malware exhibiting surveillance capabilities, we believe this may indicate the intent of collecting intelligence on targets somehow involved in the gaming community.”
Researchers claim that the attack vector stems from NoxPlayer’s update mechanism. They said they have “sufficient evidence” to show that the BigNox infrastructure (res06.bignox.com) was compromised to host malware. They also assert that BigNox’s HTTP API infrastructure (api.bignox.com), used for requests and responses between the clients and BigNox servers, may have been compromised as well.
Read more: https://threatpost.com/gaming-software-a...re/163537/
![[-]](https://www.geeks.fyi/images/collapse.png)
