The emulator is called NoxPlayer, which reports having 150 million users, mainly in Asia. Last month, ESET uncovered covert activity occurring through the emulator: in a few rare instances, it had been delivering malicious updates to users’ computers since at least September.
According to ESET, the malicious updates arrive via NoxPlayer’s own backend infrastructure at “res06.bignox.com,” and possibly with the help of the software’s API at “api.bignox.com.” This suggests a hacking group secretly compromised the emulator’s update mechanism to serve up the bad computer code.
man-in-the-middle) attack was used to tamper the update binary,” the company added.
ESET’s write-up on the incident includes instructions for NoxPlayer users on how to find out if they’ve been affected. The antivirus company also says users should avoid accepting any updates from the emulator that claim NoxPlayer has mitigated the threat. Based on the change-log, the last time NoxPlayer was updated was in November.