Geeks for your information News Privacy & Security News v
Alleged Gaming Software Supply-Chain Attack Installs Spyware
Alleged Gaming Software Supply-Chain Attack Installs Spyware
silversurfer Offline
Staff Member
******
Posts: 3,885
Threads: 3,283
Thanks Received: 5,064 in 3,838 posts
Thanks Given: 6,200
Joined: 12 September 18
#1
Information  02 February 21, 08:18
Quote:Researchers allege, attackers have compromised the update mechanism of NoxPlayer, which is software that allows gamers to run Android apps on their PCs or Macs. They then installed malware onto victims’ devices with surveillance-related capabilities.
 
NoxPlayer is developed by BigNox, which is a China-based company that claims that it has over 150 million users worldwide (notably, however, BigNox users are predominantly in Asian countries). When contacted by researchers, BigNox denied being affected by the attack. Threatpost has reached out to BigNox for further comment.
 
“We have contacted BigNox about the intrusion, and they denied being affected,” said Ignacio Sanmillan, malware researcher with ESET, on Monday. “We have also offered our support to help them past the disclosure in case they decide to conduct an internal investigation.”
 
On the heels of the alleged attack, which occurred January 2021, three different malware families have been deployed – reportedly from tailored, malicious updates – to a very select set of victims. Researchers said, out of more than the 100,000 users in their telemetry that have Noxplayer installed on their machines, only five users received a malicious update, showing the attack is a “highly targeted operation.” These victims are based in Taiwan, Hong Kong and Sri Lanka.
 
“We were unsuccessful finding correlations that would suggest any relationships among victims,” said Sanmillan. “However, based on the compromised software in question and the delivered malware exhibiting surveillance capabilities, we believe this may indicate the intent of collecting intelligence on targets somehow involved in the gaming community.”

Researchers claim that the attack vector stems from NoxPlayer’s update mechanism. They said they have “sufficient evidence” to show that the BigNox infrastructure (res06.bignox.com) was compromised to host malware. They also assert that BigNox’s HTTP API infrastructure (api.bignox.com), used for requests and responses between the clients and BigNox servers, may have been compromised as well.

Read more: https://threatpost.com/gaming-software-a...re/163537/
[-] The following 1 user says Thank You to silversurfer for this post:
  • harlan4096
Find
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:

[-]
Recent Posts
Privazer 4.0.120.2
Privazer 4.0.120.2...harlan4096 — 07:30
Brave 1.88.138 (Chromium 146.0.7680.178)
Release v1.88.138 ...harlan4096 — 07:28
Opera 129.0.5823.44
Hello! New Oper...harlan4096 — 07:27
Microsoft Edge 146.0.3856.97
Version 146.0.3856...harlan4096 — 07:26
AnyDesk 8.0.2 for Linux
Version 8.0.2 for ...harlan4096 — 07:25

[-]
Birthdays
Today's Birthdays
avatar (48)cticigges
avatar (50)ecoFit
avatar (44)soccejeS
Upcoming Birthdays
avatar (45)wapedDow
avatar (49)oapedDow
avatar (42)Sanchowogy
avatar (46)MeighGoask
avatar (47)creatralGuelm
avatar (38)procnipsut
avatar (44)accenwibly
avatar (41)ahyvily
avatar (38)urumahiz
avatar (44)techlignub
avatar (43)Stevenmam
avatar (50)onlinbah
avatar (50)fuspeukChark
avatar (44)werriewWaiNg
avatar (38)Freemanleo
avatar (43)cdoubapKit
avatar (38)lystraPonia
avatar (31)smith8395john
avatar (51)steakelask
avatar (45)Termoplenka
avatar (43)bycoPaist
avatar (49)pieloKat
avatar (43)ilyagNeexy
avatar (51)donitascene
avatar (51)burntLaw
avatar (41)MrDoorsskibheeds
avatar (51)Toligo
avatar (46)Rodneykak
avatar (49)tradeSmode
avatar (39)vemedProkbior
avatar (38)RobertUtelt
avatar (46)JamesZic
avatar (43)Sanfordbup
avatar (38)Der.Reisende
avatar (36)Kiran78

[-]
Online Staff
There are no staff members currently online.

>