After Proofpoint researchers detected malware on free VPNs, it was the turn of ESET’s computer security experts to discover various malware on a server of a popular Android emulator called NoxPlayer. This emulator has 150 million users worldwide. It has the advantage of being particularly easy to use and also has a practical APK manager for transferring applications in APK format from your PC to the Android virtual machine.
According to ESET researchers, the hackers behind this attack infiltrated the server infrastructure of BigNox, the publisher of NoxPlayer. Specifically, the hacker group compromised one of the company’s official APIs as well as client file hosting servers.
Three malware families
With this access, the hackers changed the download URL for NoxPlayer updates on the API server in order to distribute multiple malware to users’ computers. “Three different malware families were found to be distributed to selected victims via special updates with no indication of financial gain, but rather surveillance-related capabilities,” ESET says in its report.
According to the researchers, the hackers used PoisonIvy to track their targets. This spyware has already been used by Chinese intelligence agents to hack about ten mobile operators in 2019. In addition, the hackers in question have had access to BigNox servers since September 2020, but strangely, the threat did not target all users of the emulator, only a handful. In fact, ESET experts found only five victims in total, located in Taiwan, Hong Kong and Sri Lanka.
For now, the motivation of the hackers is unknown. After the publication of the report by ESET researchers, BigNox decided to launch an investigation in cooperation with ESET to determine how these hackers were able to infiltrate its systems. In the meantime, it is not recommended to update NoxPlayer until the malware is removed.
Source: ZDNet