- North Korea's APT37 (ScarCruft) group compromised a Yanbian gaming platform to deliver the BirdCall backdoor
- On Windows, it enables data theft and command execution; on Android, it also exfiltrates contacts, messages, media, and ambient audio
- The malware is actively maintained, with Android versions still hosted, and targets ethnic Koreans and defectors in China
North Korean state-sponsored threat actors appear to be targeting their compatriots living in (or passing through) China with Windows and Android backdoors delivered through a gaming platform.
A report from security researchers at ESET describes a sophisticated supply-chain attack that probably began in late 2024. The threat actors, most likely ScarCruft (also known as APT37, or Reaper), compromised SQgame, a multi-platform gaming service built specifically for the people of Yanbian.
The Yanbian Korean Autonomous Prefecture is an autonomous prefecture in China's Jilin Province. It is located near the border with North Korea and Russia, and was established to give administrative autonomy to the large population of ethnic Koreans living there. According to ESET, Yanbian is also a key crossing point for North Korean refugees and defectors, which could be one of the reasons it is being targeted.
BirdCall malware
"In the attack, probably ongoing since late 2024, ScarCruft compromised Windows and Android components of a video game platform dedicated to Yanbian-themed games, trojanizing them with a backdoor," ESET said.
The backdoor is called BirdCall and its capabilities depend on the platform it is installed on. On Windows, it can capture screenshots, log keystrokes, steal the contents of the clipboard, execute shell commands, and exfiltrate data. The stolen data is then uploaded to legitimate cloud services such as Dropbox or pCloud, which lets the traffic blend in with ordinary business use of those services.
On Android, the feature set is broader, allowing ScarCruft to also exfiltrate contact lists, SMS messages, call logs, media files, documents, screenshots, and even ambient audio. So far, the malware has been updated seven times, leading the researchers to believe it is being actively maintained.
ESET says the platform is still hosting malicious games. However, these appear to be limited to the Android version.
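A defender reading the above will want to notice when a process that is not the sanctioned sync client starts pushing data to the same cloud services the backdoor abuses. The following is an added example written for this page, not ESET's or the campaign's code: it scans a constructed, simplified EDR/proxy log and flags uploads to Dropbox and pCloud API hosts from any process outside an allowlist, escalating the alert when the per-process volume crosses a threshold. The API domain list, the process allowlist, the threshold, the log format and the sample lines (including the hypothetical game_launcher.exe) are all assumptions, not details taken from the report.

```python
"""Flag uploads to cloud-storage APIs from processes that should not be using them.

Added example for this page, not ESET's or the campaign's code. The log format,
domain list, process allowlist, threshold and sample log lines are assumptions.
"""
from collections import defaultdict

# Assumed API hosts for the two services named in the report.
CLOUD_STORAGE_APIS = {
    "api.dropboxapi.com": "dropbox",
    "content.dropboxapi.com": "dropbox",
    "api.pcloud.com": "pcloud",
    "eapi.pcloud.com": "pcloud",
}

# Assumed sanctioned clients per service; any other process contacting the API is suspect.
ALLOWED_PROCESSES = {
    "dropbox": {"dropbox.exe"},
    "pcloud": {"pcloud drive.exe"},
}

# Per (host, process, service) upload volume above which an alert becomes "high".
UPLOAD_THRESHOLD_BYTES = 1_000_000

# Constructed sample log: timestamp|host|process|destination|bytes_out
SAMPLE_LOG = """\
2025-01-10T09:00:01Z|WS-01|dropbox.exe|content.dropboxapi.com|524288
2025-01-10T09:02:11Z|WS-02|game_launcher.exe|content.dropboxapi.com|838860
2025-01-10T09:02:45Z|WS-02|game_launcher.exe|content.dropboxapi.com|734003
2025-01-10T09:05:30Z|WS-03|chrome.exe|www.example.com|2048
2025-01-10T09:07:12Z|WS-04|update.exe|eapi.pcloud.com|4096
"""


def parse_line(line):
    """Split one pipe-delimited record; return None for blank or malformed lines."""
    parts = line.strip().split("|")
    if len(parts) != 5:
        return None
    ts, host, process, dest, bytes_out = parts
    try:
        return ts, host, process.lower(), dest.lower(), int(bytes_out)
    except ValueError:
        return None


def detect_cloud_exfil(log_text, threshold=UPLOAD_THRESHOLD_BYTES):
    """Aggregate outbound bytes to cloud-storage APIs per (host, process, service)
    for processes outside the allowlist and return one alert per tuple.

    Each alert is a dict with host, process, service, bytes_out and severity
    ("high" when bytes_out exceeds the threshold, otherwise "low"); the list is
    sorted by bytes_out descending so the largest upload comes first.
    """
    totals = defaultdict(int)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        _, host, process, dest, bytes_out = rec
        service = CLOUD_STORAGE_APIS.get(dest)
        if service is None:
            continue  # not a cloud-storage API host
        if process in ALLOWED_PROCESSES.get(service, set()):
            continue  # the sanctioned client is expected to talk here
        totals[(host, process, service)] += bytes_out

    alerts = []
    for (host, process, service), total in totals.items():
        alerts.append({
            "host": host,
            "process": process,
            "service": service,
            "bytes_out": total,
            "severity": "high" if total > threshold else "low",
        })
    alerts.sort(key=lambda a: a["bytes_out"], reverse=True)
    return alerts


if __name__ == "__main__":
    for alert in detect_cloud_exfil(SAMPLE_LOG):
        print(alert)
```

Run against the constructed log, the two game_launcher.exe records on WS-02 are summed to a single high-severity alert, the small pCloud contact from update.exe on WS-04 is reported as low, and the sanctioned dropbox.exe traffic produces nothing. Aggregating per process rather than alerting on each request is what keeps a chunked upload from hiding below a per-event threshold.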

