ScarCruft hackers push BirdCall Android malware via game platform
Publish Date: 2026-05-05 05:04:13
Source Domain: www.bleepingcomputer.com
Summary of the Article
North Korean hacker group APT37, also known as ScarCruft or Ricochet Chollima, has developed an Android variant of its well-known BirdCall backdoor, delivering it to Android devices through a supply-chain attack on the sqgame[.]net platform. According to ESET researchers, the group began crafting this Android malware around October 2024, and it showcases several improved capabilities beyond those found in the Windows version. The compromised platform serves individuals, particularly Koreans in the Yanbian region of China, who act as gateways to North Korean defectors. Once installed, the Android version of BirdCall spies on the device, extracting geolocation, contacts, and call logs, recording audio, and taking screenshots. However, it lacks some advanced features present in the Windows version, such as file deletion and shell command execution. To stay safe, ESET advises users to download apps only from official sources and trusted sites.
Key Points:
- APT37 developed an Android variant of BirdCall, a spyware initially tied to Windows systems.
- The spyware reaches Android devices through the sqgame[.]net platform, with Windows users also targeted.
- The Android variant has capabilities including geolocation extraction, contact list and call log collection, microphone surveillance, and screenshots.
- Features available in BirdCall for Windows, such as shell command execution and file deletion, are still absent from the Android version.
- To mitigate risks, ESET advises users to download applications only from trusted and official marketplaces.