Researchers at ESET discovered a supply-chain attack, dubbed NightScout, that delivered malware through updates to NoxPlayer, the Android gaming emulator made by the Hong Kong-based company BigNox. The attack targeted specific gamers in Asia, and at least three different malware strains were identified in it. The threat actor used the BigNox storage infrastructure to store malware and the BigNox API to deploy the payloads. The campaign delivered three payloads: the Ghost Remote Access Trojan (RAT), Poison Ivy RAT, and a previously unknown malware variety. The malware was delivered through malicious updates to the NoxPlayer emulator, except for Poison Ivy RAT, which was delivered as a second-stage payload from the attacker’s own infrastructure.