NoxPlayer is an Android emulator that enables users to play Android games on Windows and macOS systems. A highly targeted and sophisticated supply chain attack on NoxPlayer was recently detected. ESET, which detected the attack, dubbed it Operation NightScout. The malicious files were pushed to only five selected users as an update from the servers of BigNox, NoxPlayer's parent company. The malware only performs reconnaissance and collects information, which may later be used in a bigger attack. ESET researchers observed a total of three different malicious update variants. The first malicious update variant does not seem to have been documented before and has enough capabilities to monitor its victims. The second update variant, like the first, was spotted being downloaded from legitimate BigNox infrastructure. The final payload deployed was an instance of Gh0st RAT (with keylogger capabilities), which is also widely used among threat actors.
Download NightScout Malware Pack