![]() ![]() ![]() They also announced that Emulators are also restricted from being used, which forces users to play on the PC client. But was not clarified on how severe the punishments would be or how it would work. How does this Affect Alice in the Tier List?ĭuring end of month developer notes for July, it is mentioned that Macro users will now be punished.Team Building 101: Burst and Weapon Types.For uninfected NoxPlayer users, do not download any updates until BigNox sends notification that they have mitigated the threat, furthermore, best practice would be to uninstall the software,”, advises Sanmillan. “To be on the safe side, in case of intrusion, perform a standard reinstall from clean media. The similarities we see relate to instances discovered in a Myanmar presidential office website supply-chain compromise in 2018, and in early 2020 in an intrusion into a Hong Kong university. The third variant, PoisonIvy RAT - a remote access tool popular with cybercriminals was only spottedn activity subsequent to the initial malicious updates and downloaded from attacker-controlled infrastructure.ĮSET has spotted similarities between loaders that our researchers have monitored in the past and some of those used in Operation NightScout. The deployed final payload was an instance of Gh0st RAT (with keylogger capabilities) also widely used among threat actors The first malicious update variant does not seem to have been documented before and has enough capabilities to monitor its victims. The second update variant, in line with the first, was spotted being downloaded from legitimate BigNox infrastructure. In some cases, additional payloads were downloaded by the BigNox updater from attacker-controlled servers,” adds Sanmillan.Ī total of three different malicious update variants were observed by ESET researchers. ![]() “We have sufficient evidence to state that BigNox’s infrastructure was compromised to host malware and also to suggest that their API infrastructure could have been compromised. On launch, if NoxPlayer detects a newer version of the software, it will prompt the user with a message box offering the user the option to install it, thus delivering the malware. In this specific supply-chain attack, the NoxPlayer update mechanism served as the vector of compromise. “Map – Distribution of NightScout victims” Those identified victims are based in Taiwan, Hong Kong and Sri Lanka. “Based on the compromised software in question and the delivered malware exhibiting surveillance capabilities, we believe this may indicate the intent of intelligence collection on targets involved in the gaming community,” elaborates Sanmillan. Operation NightScout is a highly targeted operation with ESET researchers able to identify only several victims. Activity continued apace until we uncovered explicitly malicious activity this week, at which point we reported the incident to BigNox,” says ESET researcher Ignacio Sanmillan, who revealed Operation NightScout. “Based on ESET telemetry, we saw the first indicators of compromise in September 2020. That said, BigNox’s follower base is predominantly in Asian countries. The company claims that it has more than 150 million users in over 150 countries who speak at least 20 different languages. Three different malware families were spotted being distributed from tailored malicious updates to selected victims with no sign of leveraging any financial gain, but rather, only cyberespionage capabilities were seen. ESET dubbed the malicious operation NightScout.īigNox is a company based in Hong Kong that provides various products, primarily an Android emulator for PCs and Macs called NoxPlayer. A few days ago, ESET researchers discovered a new supply-chain attack compromising the update mechanism of NoxPlayer, an Android emulator for PCs and Macs. ![]()
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |