PSA: If you use NoxPlayer to play Android games on PC, you should probably reinstall it

NoxPlayer users beware. A hacker group has gained access to the Android emulator‘s server infrastructure and has pushed malware to a few users in Asia. Slovak security firm ESET recently discovered the attack, and it has advised affected NoxPlayer users to reinstall the emulator to remove the malware from their systems.

For the unaware, NoxPlayer is an Android emulator that is popular among gamers. The emulator is primarily used to run Android games on x86 PCs, and it’s developed by a Hong Kong-based company called BigNox. According to a recent report from ZDNet on the matter, a hacker group has gained access to one of the company’s official API ( and file-hosting servers ( Using this access, the group has tampered with the download URL of NoxPlayer updates in the API server to deliver malware to users.

In a report regarding the attack, ESET reveals that it has identified three different malware families that are being “distributed from tailored malicious updates to select victims, with no sign of leveraging any financial gain, but rather surveillance-related capabilities.”

ESET further reveals that even though the attackers had access to BigNox servers since at least September 2020, they didn’t target all of the company’s users. Instead, the attackers focused on specific machines, suggesting that this was a highly-targeted attack looking to infect only a certain class of users. As of now, the malware-laden NoxPlayer updates have only been delivered to five victims located in Taiwan, Hong Kong, and Sri Lanka. However, ESET recommends all NoxPlayer users stay cautious. The security firm has laid out some instructions to help users figure out if their system has been compromised in its report.

In case users find an intrusion, they should reinstall NoxPlayer from clean media. Non-compromised users are advised not to download any updates until BigNox notifies that it has mitigated the threat. A BigNox spokesperson has told ZDNet that the company is working with ESET to investigate the breach further.

The post PSA: If you use NoxPlayer to play Android games on PC, you should probably reinstall it appeared first on xda-developers.