![]() “We have sufficient evidence to state that BigNox’s infrastructure was compromised to host malware and also to suggest that their API infrastructure could have been compromised. On launch, if NoxPlayer detects a newer version of the software, it will prompt the user with a message box offering the user the option to install it, thus delivering the malware. In this specific supply-chain attack, the NoxPlayer update mechanism served as the vector of compromise. “Based on the compromised software in question and the delivered malware exhibiting surveillance capabilities, we believe this may indicate the intent of intelligence collection on targets involved in the gaming community,” elaborates Sanmillan. Those identified victims are based in Taiwan, Hong Kong and Sri Lanka. Operation NightScout is a highly targeted operation with ESET researchers able to identify only several victims. Activity continued apace until we uncovered explicitly malicious activity this week, at which point we reported the incident to BigNox,” says ESET researcher Ignacio Sanmillan, who revealed Operation NightScout. “Based on ESET telemetry, we saw the first indicators of compromise in September 2020. That said, BigNox’s follower base is predominantly in Asian countries. ![]() The company claims that it has more than 150 million users in over 150 countries who speak at least 20 different languages. ESET dubbed the malicious operation NightScout.īigNox is a company based in Hong Kong that provides various products, primarily an Android emulator for PCs and Macs called NoxPlayer. Three different malware families were spotted being distributed from tailored malicious updates to selected victims with no sign of leveraging any financial gain, but rather, only cyberespionage capabilities were seen. ESET researchers discovered a new supply-chain attack compromising the update mechanism of NoxPlayer, an Android emulator for PCs and Macs. ![]()
0 Comments
Leave a Reply. |