Sanmillan suggests that to be on the safe side, in case of intrusion it is best to perform a standard reinstall from clean media. The researchers said that the operators behind the attack breached BigNox’s infrastructure to host the malware, with its API infrastructure being compromised. The malware loaders used in the attack had similarities with that of a compromise of Myanmar presidential office website in 2018 and a breach of a Hong Kong university last year. PoisonIvy RAT which was first released in 2005, has been used in several high-profile malware campaigns. Separately, researchers found cases where additional malware like PoisonIvy RAT was downloaded by the BigNox updater from remote servers controlled by the threat actor. To perform the attack, the NoxPlayer update mechanism served as the vector to deliver trojanized versions of the software to users which after installation, delivered three different malicious payloads such as Gh0st RAT to spy on its victims, capture keystrokes, and collect sensitive information. The ongoing attack was first believed to have originated around September last year, which continued until “explicitly malicious activity” was uncovered this week.Īccording to ESET researcher Ignacio Sanmillan, depending on the compromised software in question and the delivered malware exhibiting surveillance capabilities, it may indicate the intent of intelligence collection on targets involved in the gaming community. It is estimated to have over 150 million users in more than 150 countries. It allows users to play mobile games on PC, with support for keyboard, gamepad, script recording, and multiple instances. NoxPlayer is an Android emulator which was developed by Hong Kong-based BigNox. The Slovak cybersecurity firm ESET, dubbed the highly targeted surveillance campaign “Operation NightScout” which involved distributing three different malware families through tailored malicious updates to victims based in Taiwan, Hong Kong, and Sri Lanka. A new supply chain attack that compromises the update mechanism of NoxPlayer, a free Android emulator for PCs and Macs were disclosed by security researchers.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |