Threat actors carried out a supply chain attack targeting online gamers based in Taiwan, Hong Kong, and Sri Lanka by introducing malware through an Android emulator called NoxPlayer, The Hacker News reports.
Cybersecurity researchers at ESET said the campaign, which they dubbed "Operation NightScout," possibly started around September 2020 and used an exploit of NoxPlayer’s update mechanism to deliver Gh0st RAT and other malicious software to targets’ computers that enabled surveillance activities such as keystroke capturing and sensitive data collection. Additional malware binaries such as PoisonIvy RAT were also observed to being downloaded by the BigNox updater from servers controlled by the attackers.
“Based on the compromised software in question and the delivered malware exhibiting surveillance capabilities, we believe this may indicate the intent of intelligence collection on targets involved in the gaming community,” a researcher said. NoxPlayer allows mobile games to be played on a PC and is used by an estimated 150 million users in more than 150 countries.