How users can get infectedĮverything starts and happens at the backend where users cannot see what is really going on. In this case, attackers manipulated two files: Nox.exe, the main NoxPlayer file, and NoxPack.exe, the downloader of the update itself. What we see here is the latest example of a supply-chain attack, wherein threat actors were able to manipulate a legitimate executable file to make it behave in a way it’s not supposed to. All they did was download the update for NoxPlayer. Affected users didn’t have to visit a potentially dubious website to get malware. Recently, ESET revealed a campaign that targeted users of NoxPlayer, a popular Android emulator for PCs and Macs. They introduce a level of flexibility that not only allows another system to run on top of a user’s operating system-a Windows OS running on a MacBook laptop, for example-but also allows video gamers to play games designed to work on a different platform than the one they own. Emulators have played a part in many tech-savvy users’ lives.