![]() ![]() In case of intrusion - standard reinstall from clean media.a file named %LOCALAPPDATA%\Nox\update\UpdatePackageSilence.exe not digitally signed by BigNox.C:\Program Files\Internet Explorer\ieproxysocket.dll.C:\Program Files\Internet Explorer\ieproxysocket64.dll.How to determine if I received a malicious update or not: check if any ongoing process has an active network connection with known active C&C servers, or see if any of the malware based on the file names we provided in the report is installed in:.We have also offered our support to help them past the disclosure in case they decide to conduct an internal investigation. We have contacted BigNox about the intrusion, and they denied being affected. However, it’s important to note that the BigNox follower base is predominantly in Asian countries.īigNox also wrote an extensive blogpost in 2019 on the use of VPNs in conjunction with NoxPlayer, showing the company’s concern for their users' privacy. The company’s official website claims that it has over 150 million users in more than 150 countries speaking 20 different languages. About BigNoxīigNox is a company based in Hong Kong, which provides various products, primarily an Android emulator for PCs and Macs called NoxPlayer. We spotted similarities in loaders we have been monitoring in the past with some of the ones used in this operation, such as instances we discovered in a Myanmar presidential office website supply-chain compromise on 2018, and in early 2020 in an intrusion into a Hong Kong university. Three different malware families were spotted being distributed from tailored malicious updates to selected victims, with no sign of leveraging any financial gain, but rather surveillance-related capabilities. This software is generally used by gamers in order to play mobile games from their PCs, making this incident somewhat unusual. In January 2021, we discovered a new supply-chain attack compromising the update mechanism of NoxPlayer, an Android emulator for PCs and Macs, and part of BigNox's product range with over 150 million users worldwide. adopt additional measures, notably encryption of sensitive data, to avoid exposing users’ personal informationīigNox have also stated that they have pushed the latest files to the update server for NoxPlayer and that, upon startup, NoxPlayer will now run a check of the application files previously installed on the users’ machines.ĮSET assumes no responsibility for the accuracy of the information provided by BigNox.ĭuring 2020, ESET research reported various supply-chain attacks, such as the case of WIZVERA VeraPort, used by government and banking websites in South Korea, Operation StealthyTrident compromising the Able Desktop chat software used by several Mongolian government agencies, and Operation SignSight, compromising the distribution of signing software distributed by the Vietnamese government. ![]() implement file integrity verification using MD5 hashing and file signature checks. ![]()
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |