ESET researchers have discovered a highly targeted supply chain attack that used compromised NoxPlayer machines. They said that an unknown hacking group had taken over BigNox, the maker of NoxPlayer, and served malicious updates to NoxPlayer users. The group is also reported not to be financially motivated; it carried out the attack for spying.
NoxPlayer Malicious Update
NoxPlayer is a popular Android emulator similar to BlueStacks. It is used to run Android phone apps on PCs running Windows and macOS. Although it has millions of users around the world, ESET, a Slovak cybersecurity firm, said that only a handful of users were targeted in a recently spotted campaign.
ESET researchers said that an unknown hacking group compromised one of the official APIs of BigNox, the maker of NoxPlayer, and its file hosting servers. With this access in hand, the attackers altered the download link of the NoxPlayer update so that it served a malware-laced update, infecting the users who updated through that link.
Researchers have spotted three different malware families, each related to strains used in another supply chain attack against the Myanmar presidential office in 2018 and against Hong Kong University in 2020. Although the hackers had access to BigNox servers since September last year, they targeted only five users.
These five targets are located in Taiwan, Hong Kong, and Sri Lanka, and were targeted not for financial gain but for reconnaissance. ESET researchers detailed this highly targeted supply chain attack in their blog post, along with detection measures for avoiding such malicious NoxPlayer updates and instructions for removing them if infected.