NoxPlayer is a popular Android emulator for PCs and Macs. According to the latest reports, the emulator has been delivering malware to computers. A hacker group is said to have inserted malware in the app in a supply chain attack targeting users across Asia.
Hacker Inserted Malware in NoxPlayer Emulator
The security firm ESET discovered the attack, which targeted BigNox, on 25th January. According to the firm's research, a threat actor compromised one of the company's official APIs (api.bignox.com) and also a file-hosting server (res06.bignox.com).
To deliver the malware to NoxPlayer users, the hackers are using this access to alter the download URL of NoxPlayer updates in the API server.
ESET said it has spotted three different malware families being distributed this way. Although there is evidence that the attackers have had access to BigNox servers since September 2020, they did not target all of the company's users. Instead, the hackers focused on specific machines, which points to a highly targeted attack meant to infect only a few users.
According to ZDNet, ESET said it has spotted malicious NoxPlayer updates delivered to only five victims, located in Taiwan, Hong Kong, and Sri Lanka.
The security firm has published technical details so that users can check whether they have received a malicious update and learn how to remove it.
An ESET spokesperson said in an email:
“We discard the possibility that this operation is the product of some financially motivated group. We are still investigating, but we have found tangible correlations to a group we internally call Stellera, which we will be reporting about in the near future.”
ESET said this malware shows similarities to other malware strains, one used in the Myanmar presidential office website supply-chain attack in 2018 and the other in an intrusion at a Hong Kong university in early 2020. This incident is also a third supply chain attack.
So, guys, be safe and do not update NoxPlayer if you are using the app. Check the URL link properly if you are updating the emulator app.