Popular NoxPlayer emulator hacked

Experts uncovered a new attack targeting the NoxPlayer update mechanism. Cyber specialists have detected three types of malicious programs at once, aimed at spying on the emulator’s users.

ESET researcher Ignacio Sanmillan said: 

Based on ESET telemetry, we saw the first signs of a breach in September 2020. At the end of January 2021, the activity became clearly malicious, after which we reported the incident to BigNox. ” 

According to experts, malware belongs to the class of spyware and is designed to collect data about the gaming community members. Infection is carried out through the emulator update mechanism. Malware is downloaded when the user agrees to install a new version of NoxPlayer. 

Sanmillan explained: 

We have enough evidence to assert that the BigNox developer infrastructure was hacked to host-virus software, and the application programming interface (API) could have been compromised. The BigNox updater downloaded additional data from servers under the control of the attackers. ” 

Experts recommend uninstalling the emulator program or performing a standard reinstallation from blank media. Those who haven’t updated for a long time should wait for the official notification from BigNox that the threat has been removed.

NoxPlayer was developed by Hong Kong-based BigNox and is designed to run Android applications on computers running Windows and Mac operating systems. The number of emulator users worldwide exceeds 150 million people.