📰 North Korean APT ScarCruft Hits Gaming Platform in Supply-Chain Attack

North Korean APT ScarCruft (APT37) targets gamers in a supply-chain attack, compromising a gaming site to distribute Android spyware. The 'BirdCall' backdoor spies on ethnic Koreans in China. 🕵️‍♂️ #APT37 #ScarCruft #CyberSecurity #Android

🔗 https://cyber.netsecops.io

ScarCruft hackers push BirdCall Android malware via game platform

The North Korean hacker group APT37 has been delivering an Android version of a backdoor called BirdCall in a supply-chain attack through a video game platform.

BleepingComputer
A rigged game: ScarCruft compromises gaming platform in a supply-chain attack

ESET researchers have investigated an ongoing attack by the ScarCruft APT group that targets the Yanbian region via backdoor-laced Windows and Android games.

ScarCruft APT Exploits Yanbian Gaming Platform for Intelligence Gathering

Meet ScarCruft, a notorious North Korea-aligned espionage group that's been caught exploiting a popular gaming platform in China to gather intel on its users. The group trojanized a site serving traditional Yanbian-themed games, compromising both Windows and Android software.

https://osintsights.com/scarcruft-apt-exploits-yanbian-gaming-platform-for-intelligence-gathering?utm_source=mastodon&utm_medium=social

#Scarcruft #Apt37 #SupplyChain #Espionage #NationState


A rigged game: ScarCruft compromises gaming platform in a supply-chain attack

North Korea-aligned APT group ScarCruft executed a multiplatform supply-chain attack targeting ethnic Koreans in China's Yanbian region, an area significant for North Korean refugees and defectors. Since late 2024, the group compromised a video gaming platform dedicated to Yanbian-themed games, trojanizing both Windows and Android components with the BirdCall backdoor. The Windows client received malicious updates leading to RokRAT and subsequently BirdCall deployment, while Android games were directly trojanized. This marks the first discovery of Android BirdCall, capable of comprehensive surveillance including data collection, screenshots, and voice recording. The campaign focuses on espionage against individuals of interest to the North Korean regime, particularly refugees and defectors.

Pulse ID: 69f9c539da459757922d22d8
Pulse Link: https://otx.alienvault.com/pulse/69f9c539da459757922d22d8
Pulse Author: AlienVault
Created: 2026-05-05 10:23:53

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Android #BackDoor #China #CyberSecurity #Espionage #InfoSec #Korea #NorthKorea #OTX #OpenThreatExchange #RAT #ScarCruft #Trojan #Windows #bot #AlienVault

LevelBlue - Open Threat Exchange


ScarCruft Expands Malware Arsenal with Multi-Platform BirdCall Backdoor

ScarCruft hackers have launched a sneaky attack on a popular video game platform, infecting both Windows and Android users with a new backdoor called BirdCall. The multi-platform threat has been targeting ethnic Koreans in China since late 2024, allowing hackers to gain unauthorized access.

https://osintsights.com/scarcruft-expands-malware-arsenal-with-multi-platform-birdcall-backdoor?utm_source=mastodon&utm_medium=social

#Scarcruft #NorthKorea #SupplyChain #MalwareOperations #StateSponsored


#ESETresearch uncovered a multiplatform supply-chain attack by the 🇰🇵 #ScarCruft APT group targeting the Yanbian region via backdoor-laced Windows and Android games. https://www.welivesecurity.com/en/eset-research/rigged-game-scarcruft-compromises-gaming-platform-supply-chain-attack/
In the attack, likely ongoing since late 2024, ScarCruft compromised sqgame, a video game platform used by ethnic Koreans living in the #Yanbian region in China – home to ethnic Koreans and a crossing point for North Korean refugees and defectors.
The sqgame Windows client was compromised through a malicious update serving the #RokRAT backdoor, which deployed ScarCruft’s more advanced #BirdCall backdoor. Android games were trojanized with the Android version of BirdCall – a new tool in ScarCruft’s arsenal.
The Android version of BirdCall implements a subset of the capabilities of its Windows counterpart – it collects contacts, SMS messages, call logs, and various documents, media files, and private keys. It can also take screenshots and record surrounding audio.
We believe that this campaign is probably aimed at collecting information on individuals in the Yanbian region and deemed of interest to the 🇰🇵 regime.
IoCs available in our GitHub repo: https://github.com/eset/malware-ioc/tree/master/scarcruft

Read the full analysis on WeLiveSecurity: https://www.welivesecurity.com/en/eset-research/rigged-game-scarcruft-compromises-gaming-platform-supply-chain-attack/#article-2

ScarCruft hackers deploy BirdCall malware via gaming platform.

North Korean hackers APT37, also known as ScarCruft, have cleverly expanded their BirdCall malware to target Android devices, adapting their Windows backdoor to spy on mobile users. They even used a popular gaming platform to sneak the malware onto unsuspecting devices.

https://osintsights.com/scarcruft-hackers-deploy-birdcall-malware-via-gaming-platform?utm_source=mastodon&utm_medium=social

#Apt37 #Scarcruft #RicochetChollima #BirdcallMalware #AndroidSpyware


North Korea-linked ScarCruft is using spear-phishing with RokRAT malware to spy on academics, dubbed the #HanKookPhantom campaign.

Read: https://hackread.com/north-korea-scarcruft-target-academics-rokrat-malware/

#CyberSecurity #NorthKorea #ScarCruft #RokRAT #Malware

North Korea’s ScarCruft Targets Academics With RokRAT Malware


ScarCruft (APT37) is running Operation HanKook Phantom → phishing South Korean academics w/ RokRAT malware.
🔹 LNK loaders + fileless PowerShell
🔹 Exfil via Dropbox & GDrive
🔹 Goal: espionage & persistence
💬 Should academia ramp up defenses to enterprise SOC levels, or is that unrealistic?
Follow @technadu for more threat intel.

#CyberSecurity #APT37 #ScarCruft #RokRAT #Phishing #ThreatIntel