Security News > 2021 > February > NoxPlayer Android Emulator Supply-Chain Attack
It seems to be the season of sophisticated supply-chain attacks.
ESET says that based on evidence its researchers gathered, a threat actor compromised one of the company's official API and file-hosting servers.
Using this access, hackers tampered with the download URL of NoxPlayer updates in the API server to deliver malware to NoxPlayer users.
Despite evidence implying that attackers had access to BigNox servers since at least September 2020, ESET said the threat actor didn't target all of the company's users but instead focused on specific machines, suggesting this was a highly-targeted attack looking to infect only a certain class of users.
Until today, and based on its own telemetry, ESET said it spotted malware-laced NoxPlayer updates being delivered to only five victims, located in Taiwan, Hong Kong, and Sri Lanka.
I don't know if there are actually more supply-chain attacks occurring right now.
News URL
https://www.schneier.com/blog/archives/2021/02/noxplayer-android-emulator-supply-chain-attack.html
Related news
- New Android malware steals your credit cards for NFC relay attacks (source)
- SuperCard X Android Malware Enables Contactless ATM and PoS Fraud via NFC Relay Attacks (source)
- Ripple's xrpl.js npm Package Backdoored to Steal Private Keys in Major Supply Chain Attack (source)
- Ripple NPM supply chain attack hunts for private keys (source)
- Magento supply chain attack compromises hundreds of e-stores (source)
- Malicious Go Modules Deliver Disk-Wiping Linux Malware in Advanced Supply Chain Attack (source)
- Supply chain attack hits npm package with 45,000 weekly downloads (source)
- RVTools hit in supply chain attack to deliver Bumblebee malware (source)
- DragonForce ransomware abuses SimpleHelp in MSP supply chain attack (source)
- Qualcomm Fixes 3 Zero-Days Used in Targeted Android Attacks via Adreno GPU (source)