The company’s official website claims that it has over 150 million users in more than 150 countries speaking 20 different languages. About BigNoxīigNox is a company based in Hong Kong, which provides various products, primarily an Android emulator for PCs and Macs called NoxPlayer. We spotted similarities in loaders we have been monitoring in the past with some of the ones used in this operation, such as instances we discovered in a Myanmar presidential office website supply-chain compromise on 2018, and in early 2020 in an intrusion into a Hong Kong university. Three different malware families were spotted being distributed from tailored malicious updates to selected victims, with no sign of leveraging any financial gain, but rather surveillance-related capabilities. This software is generally used by gamers in order to play mobile games from their PCs, making this incident somewhat unusual. In January 2021, we discovered a new supply-chain attack compromising the update mechanism of NoxPlayer, an Android emulator for PCs and Macs, and part of BigNox's product range with over 150 million users worldwide. adopt additional measures, notably encryption of sensitive data, to avoid exposing users’ personal informationīigNox have also stated that they have pushed the latest files to the update server for NoxPlayer and that, upon startup, NoxPlayer will now run a check of the application files previously installed on the users’ machines.ĮSET assumes no responsibility for the accuracy of the information provided by BigNox.ĭuring 2020, ESET research reported various supply-chain attacks, such as the case of WIZVERA VeraPort, used by government and banking websites in South Korea, Operation StealthyTrident compromising the Able Desktop chat software used by several Mongolian government agencies, and Operation SignSight, compromising the distribution of signing software distributed by the Vietnamese government.implement file integrity verification using MD5 hashing and file signature checks. ![]() ![]() use only HTTPS to deliver software updates in order to minimize the risks of domain hijacking and Man-in-the-Middle (MitM) attacks.Following the publication of our research, BigNox have contacted us to say that their initial denial of the compromise was a misunderstanding on their part and that they have since taken these steps to improve security for their users:
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |