Security News > 2021 > February > A New Software Supply‑Chain Attack Targeted Millions With Spyware

Cybersecurity researchers today disclosed a new supply chain attack targeting online gamers by compromising the update mechanism of NoxPlayer, a free Android emulator for PCs and Macs.

Dubbed "Operation NightScout" by Slovak cybersecurity firm ESET, the highly-targeted surveillance campaign involved distributing three different malware families via tailored malicious updates to selected victims based in Taiwan, Hong Kong, and Sri Lanka.

First signs of the ongoing attack are said to have originated around September 2020, from when the compromise continued until "Explicitly malicious activity" was uncovered on January 25, prompting ESET to report the incident to BigNox.

"Based on the compromised software in question and the delivered malware exhibiting surveillance capabilities, we believe this may indicate the intent of intelligence collection on targets involved in the gaming community," said ESET researcher Ignacio Sanmillan.

To carry out the attack, the NoxPlayer update mechanism served as the vector to deliver trojanized versions of the software to users that, upon installation, delivered three different malicious payloads such as Gh0st RAT to spy on its victims, capture keystrokes, and gather sensitive information.

Noting that the malware loaders used in the attack shared similarities with that of a compromise of Myanmar presidential office website in 2018 and a breach of a Hong Kong university last year, ESET said the operators behind the attack breached BigNox's infrastructure to host the malware, with evidence alluding to the fact that its API infrastructure could have been compromised.

News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/AUv4_yxnAu8/a-new-software-supplychain-attack.html