Researchers at cybersecurity firm ESET say they have uncovered an espionage campaign that has targeted online gamers in Asia through a compromised software company.
Called Operation NightScout, the campaign apparently involved a breach at BigNox, the company behind NoxPlayer, an Android emulator that allows users to run mobile apps on PCs or Macs, and which claims to have more than 150 million users worldwide, most of them located in Asia.
After compromising the update mechanism for NoxPlayer, the threat actor behind the attack pushed a series of tailored malicious updates that resulted in three different malware families being installed on the devices of a handful of selected victims.
The highly targeted nature of the attack, ESET’s security researchers say, suggests that the purpose of this campaign is surveillance, and not financial gain: only five out of 100,000 ESET users running NoxPlayer on their machines received a malicious update.
The updates were delivered to victims in Hong Kong, Sri Lanka, and Taiwan, but ESET was unable to find connections between the victims, aside from the use of the same gaming emulator.
In addition to compromising the BigNox infrastructure to host malware, the threat actor might have compromised the company’s HTTP API infrastructure, ESET says, explaining that additional payloads were observed being downloaded by the BigNox updater from attacker’s servers.
“This suggests that the URL field, provided in the reply from the BigNox API, was tampered with by the attackers,” the researchers note.
ESET says it has notified BigNox about its findings, but the company has apparently denied being breached.
The malicious updates were sent to victims in September 2020, with additional payloads downloaded from attacker-c ..
Support the originator by clicking the read the rest link below.
