APT37 Deploys NarwhalRAT in New Microsoft Account Phishing
🔗 https://cybersecurefox.com/en/apt37-narwhalrat-microsoft-phishing-campaign
#APT37 #NarwhalRAT #ScarCruft #Microsoft #account #phishing #remote #access #trojan
ScarCruft Targets Microsoft Users with NarwhalRAT Malware
Beware of fake Microsoft account alerts! A sneaky North Korean hacking group, ScarCruft, is sending phishing emails that mimic Microsoft security notifications to trick you into downloading the NarwhalRAT malware.
📰 North Korean APT ScarCruft Hits Gaming Platform in Supply-Chain Attack
North Korean APT ScarCruft (APT37) targets gamers in a supply-chain attack, compromising a gaming site to distribute Android spyware. The 'BirdCall' backdoor spies on ethnic Koreans in China. 🕵️‍♂️ #APT37 #ScarCruft #CyberSecurity #Android
#ScarCruft hackers push #BirdCall #Android #malware via game platform
ScarCruft APT Exploits Yanbian Gaming Platform for Intelligence Gathering
Meet ScarCruft, a notorious North Korea-aligned espionage group that's been caught exploiting a popular gaming platform in China to gather intel on its users. The group trojanized a site serving traditional Yanbian-themed games, compromising both Windows and Android software.
ScarCruft Expands Malware Arsenal with Multi-Platform BirdCall Backdoor
ScarCruft hackers have launched a sneaky attack on a popular video game platform, infecting both Windows and Android users with a new backdoor called BirdCall. The multi-platform threat has been targeting ethnic Koreans in China since late 2024, allowing hackers to gain unauthorized access.
#Scarcruft #NorthKorea #SupplyChain #MalwareOperations #StateSponsored
#ESETresearch uncovered a multiplatform supply-chain attack by the 🇰🇵 #ScarCruft APT group targeting the Yanbian region via backdoor-laced Windows and Android games. https://www.welivesecurity.com/en/eset-research/rigged-game-scarcruft-compromises-gaming-platform-supply-chain-attack/
In the attack, likely ongoing since late 2024, ScarCruft compromised sqgame, a video game platform used by ethnic Koreans living in the #Yanbian region in China – home to ethnic Koreans and a crossing point for North Korean refugees and defectors.
The sqgame Windows client was compromised through a malicious update serving the #RokRAT backdoor, which deployed ScarCruft’s more advanced #BirdCall backdoor. Android games were trojanized with the Android version of BirdCall – a new tool in ScarCruft’s arsenal.
The Android version of BirdCall implements a subset of the capabilities of its Windows counterpart – it collects contacts, SMS messages, call logs, and various documents, media files, and private keys. It can also take screenshots and record surrounding audio.
We believe that this campaign is probably aimed at collecting information on individuals in the Yanbian region and deemed of interest to the 🇰🇵 regime.
IoCs available in our GitHub repo: https://github.com/eset/malware-ioc/tree/master/scarcruft
Read the full analysis on WeLiveSecurity: https://www.welivesecurity.com/en/eset-research/rigged-game-scarcruft-compromises-gaming-platform-supply-chain-attack/#article-2
ScarCruft hackers deploy BirdCall malware via gaming platform.
North Korean hackers APT37, also known as ScarCruft, have cleverly expanded their BirdCall malware to target Android devices, adapting their Windows backdoor to spy on mobile users. They even used a popular gaming platform to sneak the malware onto unsuspecting devices.
#Apt37 #Scarcruft #RicochetChollima #BirdcallMalware #AndroidSpyware
North Korea-linked ScarCruft is using spear-phishing with RokRAT malware to spy on academics, dubbed the #HanKookPhantom campaign.
Read: https://hackread.com/north-korea-scarcruft-target-academics-rokrat-malware/