In a recent development, an unknown hacker group has hijacked the popular Android emulator NoxPlayer to install malware on victims' devices in the Asian region. The attack targeted BigNox, and the discovery was made by Slovak security firm ESET last week. NoxPlayer is popular among geeks who like to emulate Android apps (mostly games) on their Windows or macOS systems. According to the security firm, the attack comes from an unidentified threat actor who gained access to the company's digital resources.
The attacker(s) accomplished this hack by breaking into the company's official API (api.bignox.com) and its file-hosting servers (res06.bignox.com). Once they were in, the next step was to alter the download URL of the NoxPlayer updates and plant malware in the file that would be downloaded onto the unfortunate user's system.
According to ESET, the main motive was not monetary demands or hacks, but rather surveillance-related capabilities. For this, three different malware strains were used, each tailored for select victims.
It is a bit baffling that the hackers had access to the BigNox server since September last year, but they employed a peculiar strategy to avoid getting caught: they targeted only some machines belonging to a certain class of users, the online gaming community in particular.
That is the reason there have so far been only five victims in Asia, located in places including Taiwan, Hong Kong, and Sri Lanka. To help others avoid falling victim to the malware attack, ESET has published its report with details of the methodology and how to determine whether the NoxPlayer you have is infected.
According to ESET, it is investigating further to identify the group involved, and it suspects some connection with a group the team internally refers to as Stellera. ESET concluded this based on similarities between these malware strains and the one used when the Myanmar presidential official website was hacked in 2018. That breach targeted the Hong Kong University.