Security researchers from ESET have discovered an unnamed group of hackers have compromised NoxPlayer, an Android emulator for Windows and macOS, which has a userbase of 150 million in more than 150 countries.
The NoxPlayer was compromised during an update. Once launched it will prompt users for an update, which would deliver the malware into their systems.
Image: ESET
This attack has infected gamers in Asia with three malware strains, which includes the Gh0st malware, a Remote Access Trojan that has keylogging capabilities. The infection also includes PoisonIvy RAT, which has powerful spying capabilities.
At this time of this writing, ESET researchers have identified five victims in countries in Taiwan, Hong Kong, and Sri Lanka.
In a tweet by ESET, Operation #NightScout is particularly interesting due to the targeted vertical, as we don’t usually encounter cyberespionage operations targeting online gamers, and we don’t believe the intent of perpetrators was financial gain, but rather intelligence collection.
Until this threat is mitigated the best thing to do right now is completely uninstall the software.