The online media and entertainment industry has recently been bombarded by cyberattacks, so much so that the gaming industry alone has reported nearly 10 billion cyberattacks in the last two years. However, the latest findings from ESET researchers suggest that certain threat actors, unlike others, are now turning to espionage campaigns. But what is their modus operandi?
NoxPlayer – The New Spy Games Version
NoxPlayer, a product from BigNox, emulates Android games on Windows and macOS desktops. It is generally used by gamers for testing and playing mobile games on their computers. ESET researchers found striking evidence that the company's official API (api.bignox.com) and file-hosting (res06.bignox.com) servers were compromised by unknown threat actors in September last year.
However, unlike recent cyberattacks in which threat actors installed malware or ransomware to exfiltrate data and demand hefty ransoms, these attackers installed only three malware strains, used to spy on their victims. More unusual still, the attackers did not target all users. They targeted only five users, which included targets from Hong Kong, Sri Lanka, and Taiwan. This points to a sophisticated and highly targeted espionage campaign.
On further analysis of the three malware strains deployed during this supply chain attack, the research team could draw parallels with another supply chain attack against the Myanmar presidential office in 2018 and Hong Kong University in 2020. The same malware strains were used in those attacks too.
To help users determine whether they installed the malware-ridden update of NoxPlayer and what remedies could be applied, ESET released a detailed report.