NoxPlayer emulator was hacked and malicious code inserted

NoxPlayer was developed by BigNox (a company based in Hong Kong), this software is often used by gamers to run mobile games on computer.

Researchers uncovered three different types of malware in the NoxPlayer update, however, they are designed primarily to monitor users, not to steal money.

NoxPlayer emulator was hacked and malicious code inserted Picture 1

Immediately after detecting the attack, ESET immediately contacted BigNox, the company denied being affected, declined offers of assistance and decided to conduct an internal investigation.

Researchers suggest users to check if there are any processes running in the background and connecting to the network with the C&C server. In case you have just updated the NoxPlayer software, you should uninstall it and wait until there is a new notification from BigNox.

ESET statistics show that this offensive campaign is aimed at users living in Taiwan, Hong Kong and Sri Lanka. At present, to limit attack by malware, users should not update NoxPlayer software to the latest version.

Update...

A mysterious group of hackers has just attacked the server infrastructure of the Android emulator NoxPlayer software. From here, the cyber criminals have spread malicious code to a series of victims in Asia.

This attack was discovered by security firm ESET on January 25th. Based on the evidence gathered, ESET said the hacker group has hacked into the official API and file-hosting servers of BigNox, the company that develops NoxPlayer.

With this access, the hacker forged the URL to download the NoxPlayer updates on the API server to spread the malicious code onto the victims' computers.

NoxPlayer emulator was hacked and malicious code inserted Picture 2

"Three different families of malware were spread with fake updates targeting victims in Asia. There is no indication that hackers are interested in financial interests, so this attack has. They can only be used for espionage or data collection purposes, " ESET said.

There is evidence that BigNox's servers have been compromised since around September 2020. ESET says hackers do not attack all users, but only target a few specific devices. It can be concluded that this is a clearly targeted attack, targeting only a certain class of users.

ESET said that at the present time the NoxPlayer update containing the malware was only distributed to five victims in Taiwan, Hong Kong and Sri Lanka.

ESET reported the details of the attack to BigNox but BigNox denied that they were hacked. Currently, users are advised not to update the new version of NoxPlayer or completely remove this software on their device.

Jessica Tanner

Update 02 February 2021