Researchers have uncovered a software supply chain attack that is being used to install surveillance malware on the computers of online gamers.
The unknown attackers are targeting select users of NoxPlayer, a software package that emulates the Android operating system on PCs and Macs. People use it primarily for playing mobile Android games on these platforms. NoxPlayer-maker BigNox says the software has 150 million users in 150 countries.
Poisoning the well
Security firm Eset said on Monday that the BigNox software distribution system was hacked and used to deliver malicious updates to select users. The initial updates were delivered last September through the manipulation of two files: the main BigNox binary Nox.exe and NoxPack.exe, which downloads the update itself.
Read 9 remaining paragraphs | Comments
source https://arstechnica.com/?p=1738739