![]() ![]() Therefore, so far, only five people from Taiwan, Hong Kong and Sri Lanka have been identified as affected by the infected version of NoxPlayer. ![]() Based on this, the experts conclude that they have discovered a narrowly targeted attack aimed at infecting a certain class of users. While analysts believe the attackers have had access to BigNox’s servers since at least September 2020, the hackers did not attack the company’s entire sizable user base, but instead focused their efforts on specific machines. The other two malware were already known to experts: they were variations of Gh0st RAT (with keylogger capabilities) and PoisonIvy RAT. A previously unknown malware that allows tracking victims and that is also capable of executing commands received from the command and control server, deleting files, downloading and uploading files, and so on. The following threats were distributed through NoxPlayer. Febru0 In a recent development, an unknown hacker group has got hold of the popular Android emulator NoxPlayer to insert malware on victim’s devices in the Asian region. They do not contain any indication that hackers are pursuing financial gain, but rather are intended for surveillance. It was noticed that through malicious updates, among selected victims were distributed three families of malware. Using the obtained access, the hackers “worked” with the URL address to download the updates and, as a result, distributed malware among NoxPlayer users. The researchers write that they discovered an attack targeting BigNox on January 25, 2021.Īccording to them, the attackers compromised one of the company’s official APIs (), as well as file hosting servers (). The emulator is developed by the Hong Kong company BigNox and is used by more than 150,000,000 users in 150 countries. NoxPlayer is free and designed to emulate Android applications on Windows or macOS computers. * * * ESET experts discovered an attack on the supply chain, during which an unknown hack group compromised the developers of the popular Android emulator NoxPlayer and infected it with the malware code. The GridinSoft Blog is not responsible for the accuracy of the information provided by BigNox. Now click on Uninstall in the Nox installation wizard to confirm the installation. Then click uninstall again to get the process started. Head to the Start Menu search and type Nox. The second is the case of the VGCA, the official certificate authority of the Vietnamese government.UPDATE: BigNox contacted us and said that they “contacted cybersecurity firm ESET to determine the root cause of the issue,” and at this point “fixed all issues.”ĮSET has released an update to the article stating that hackers have infected the android NoxPlayer emulator with malware, and we are also adding following information: “BigNox stated that they sent the latest files to the update server for NoxPlayer and that when launching NoxPlayer now will start a scan of application files previously installed on users’ computers.” Here is how you can do it in a few easy steps on Windows 10 and later versions. 'Three different malware families were spotted being distributed from tailored malicious updates to selected victims, with no sign of leveraging any financial gain, but rather surveillance-related capabilities. The first is the case of Able Desktop, software used by many Mongolian government agencies. Using this access, hackers tampered with the download URL of NoxPlayer updates in the API server to deliver malware to NoxPlayer users. This incident is also the third supply chain attack discovered by ESET over the past two months. These correlations referred to the three malware strains deployed via malicious NoxPlayer updates, which ESET said contained "similarities" to other malware strains used in a Myanmar presidential office website supply-chain compromise in 2018 and early 2020 in an intrusion into a Hong Kong university. "We are still investigating, but we have found tangible correlations to a group we internally call Stellera, which we will be reporting about in the near future." "We discard the possibility that this operation is the product of some financially motivated group," an ESET spokesperson told ZDNet today via email. adopt additional measures, notably encryption of sensitive data, to avoid exposing users' personal informationĪs for who's behind the attack, ESET doesn't know, but it knows who it wasn't. Hacker Group Inserted Malware in NoxPlayer Android Emulator How Secmentis Can Help Why Penetration Testing The secret of getting ahead is getting started.implement file integrity verification using MD5 hashing and file signature checks. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |