Hackers Attack Gaming Community Using Supply Chain Attacks
Researchers at ESET found that the update mechanism of NoxPlayer, an Android emulator for macOS and Windows, was compromised by attackers, who used it to infect gamers' systems with malware. BigNox, a Hong Kong-based company, makes the emulator. According to BigNox, gamers across 150 countries use NoxPlayer; ESET's research, however, indicates that the supply chain attack targeted only Asian gamers. The attackers used three different malware strains.
The threat actor behind the attack is currently named “Nightscout.”
To plant malicious payloads on their victims' systems, Nightscout compromised BigNox's "res06.bignox.com storage infrastructure" to host the trojan and its "api.bignox.com API infrastructure" to deliver and run the payloads.
ESET's report says, "in January 2021, we discovered a new supply-chain attack compromising the update mechanism of NoxPlayer, an Android emulator for PCs and Macs, and part of BigNox's product range with over 150 million users worldwide. This software is generally used by gamers in order to play mobile games from their PCs, making this incident somewhat unusual."
Experts at ESET are confident that BigNox's infrastructure was compromised to host malware, and that its API infrastructure was compromised as well. In a few cases, the attackers used the BigNox updater to download additional payloads from attacker-controlled servers. ESET discovered a few other supply chain attacks in 2020, such as "Operation SignSight", which targeted the Vietnamese government and compromised its software, and "Operation StealthyTrident", which targeted desktop users, the banking sector, and government agencies. Operation Nightscout, however, is slightly different and more dangerous, as it targeted the gaming community to gather intelligence. Espionage campaigns that collect information from the gaming community are rare, which makes Operation Nightscout a bigger threat.
"We spotted similarities in loaders we have been monitoring in the past with some of the ones used in this operation, such as instances we discovered in a Myanmar presidential office website supply-chain compromise in 2018, and in early 2020 in an intrusion into a Hong Kong university. Three different malware families were spotted being distributed from tailored malicious updates to selected victims, with no sign of leveraging any financial gain, but rather surveillance-related capabilities," says ESET.
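The attack described above worked because the updater trusted whatever the API and storage infrastructure handed it. The following is an added illustration, not BigNox's code or anything from the ESET report, of how an update client can reject a payload swapped on the storage layer or a manifest forged on the API layer: it assumes a publisher-signed manifest (version, URL, SHA-256) and uses an HMAC with a constructed key as a stdlib-only stand-in for the asymmetric signature a real client would verify with a public key.

```python
import hashlib
import hmac
import json

# Constructed stand-in for the publisher's offline signing key. A real updater
# would use an asymmetric scheme (e.g. Ed25519) so the client holds only the
# public key; HMAC is used here purely to keep the example standard-library-only.
SIGNING_KEY = b"constructed-publisher-signing-key"

def sign_manifest(manifest: dict, key: bytes = SIGNING_KEY) -> str:
    """Build-server side: sign the canonical JSON of (version, url, sha256)."""
    canonical = json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()

def verify_update(api_response: dict, payload: bytes, installed_version: int,
                  key: bytes = SIGNING_KEY) -> bool:
    """Client side: the API response and the downloaded file both come from
    infrastructure the article describes as compromised, so neither is trusted
    on its own; each layer must check out before the installer runs."""
    manifest = api_response.get("manifest", {})
    signature = api_response.get("signature", "")
    if not hmac.compare_digest(sign_manifest(manifest, key), signature):
        return False  # manifest forged or altered at the API layer
    if manifest.get("version", 0) <= installed_version:
        return False  # replayed old manifest (downgrade attempt)
    if hashlib.sha256(payload).hexdigest() != manifest.get("sha256"):
        return False  # file swapped at the storage layer
    return True

# Constructed sample data: a legitimate build and a substituted payload.
GOOD_PAYLOAD = b"legitimate installer bytes (constructed)"
EVIL_PAYLOAD = b"trojanised installer bytes (constructed)"
GOOD_MANIFEST = {"version": 7, "url": "https://updates.example.invalid/setup.exe",
                 "sha256": hashlib.sha256(GOOD_PAYLOAD).hexdigest()}
GOOD_RESPONSE = {"manifest": GOOD_MANIFEST, "signature": sign_manifest(GOOD_MANIFEST)}

# A compromised API layer can point the hash at the trojan but cannot produce
# a fresh signature without the offline key, so the old signature is reused.
FORGED_MANIFEST = dict(GOOD_MANIFEST, sha256=hashlib.sha256(EVIL_PAYLOAD).hexdigest())
FORGED_RESPONSE = {"manifest": FORGED_MANIFEST, "signature": GOOD_RESPONSE["signature"]}

if __name__ == "__main__":
    print(verify_update(GOOD_RESPONSE, GOOD_PAYLOAD, 6))    # True
    print(verify_update(GOOD_RESPONSE, EVIL_PAYLOAD, 6))    # False: storage swap
    print(verify_update(FORGED_RESPONSE, EVIL_PAYLOAD, 6))  # False: forged manifest
```

The same checks also refuse a replayed older manifest, which is how a compromised API could otherwise push a known-vulnerable version back onto clients.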