{"id":209355,"date":"2026-05-05T20:20:00","date_gmt":"2026-05-06T00:20:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/05\/05\/north-korean-hackers-targeted-ethnic-koreans-in-china-with-android-birdcall-malware\/"},"modified":"2026-05-06T00:40:08","modified_gmt":"2026-05-06T04:40:08","slug":"north-korean-hackers-targeted-ethnic-koreans-in-china-with-android-birdcall-malware","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/05\/05\/north-korean-hackers-targeted-ethnic-koreans-in-china-with-android-birdcall-malware\/","title":{"rendered":"North Korean hackers targeted ethnic Koreans in China with Android \u2018BirdCall\u2019 malware"},"content":{"rendered":"<p><a href=\"https:\/\/therecord.media\/north-korean-hackers-target-ethnic-koreans-in-china\">North Korean hackers targeted ethnic Koreans in China with Android \u2018BirdCall\u2019 malware<\/a><\/p>\n<p><a href=\"https:\/\/therecord.media\/north-korean-hackers-target-ethnic-koreans-in-china\">https:\/\/therecord.media\/north-korean-hackers-target-ethnic-koreans-in-china<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-05-05 20:20:00<\/a><\/p>\n<p>Source Domain: <a href=\"therecord.media\">therecord.media<\/a><\/p>\n<p>Author: <a href=\"\"><\/a><\/p>\n<p>Ethnic Koreans living in the Yanbian region of China were targeted by a sophisticated North Korean hacking group with a strain of malware attached to a popular Android mobile game. Researchers at cybersecurity firm ESET attributed the campaign to APT37 and said the hackers used a backdoor attached to a suite of card games from a company called Sqgame. The backdoor, named BirdCall by the researchers, allowed APT37 to take screenshots, record calls, steal personal data and more.
The Yanbian region of China is on the border with North Korea and is often referred to as \u201cThird Korea.\u201d ESET researchers said the campaign was likely aimed at refugees or defectors from the North Korean regime. The backdoor was initially thought to target only Windows devices, but an Android version was later discovered. Through BirdCall, APT37 is able to collect contact information, SMS texts, call logs, media files and private keys. The Android version of the backdoor was developed over the span of several months and ESET says it found seven versions of it. ESET researcher Filip Jur\u010dacko said victims typically downloaded the compromised games through a web browser on their devices and installed them directly, without going through the Google Play store. \u201cWe were unable to determine when the website was first compromised and the supply-chain attack started,\u201d Jur\u010dacko said. APT37 has operated since 2012 and is allegedly housed within North Korea\u2019s Ministry of State Security, focusing much of its work on espionage campaigns targeting South Korea and other Asian countries. The group has previously targeted government or military organizations as well as North Korean defectors. The Windows version of BirdCall being used by APT37 was initially discovered by South Korean cybersecurity vendor AhnLab and others in 2021. ESET noted that the initial file downloaded from the Sqgame website by victims was not malicious. It became malicious due to a subsequent update package delivered by the platform that had been compromised since at least November 2024. ESET added that they contacted Sqgame in December 2025 but did not receive a response.
The update package is no longer malicious, the researchers said. The malware hands attackers a host of information about the device on its first run and \u201ccan record audio via the microphone and eavesdrop on the surroundings of the compromised device.\u201d It also searches any shared external storage devices for specific file types. Last year, researchers found another strain of Android spyware developed and used by APT37 embedded in apps that could be found in the Google Play store. APT37 reportedly targeted South Korean academic experts and a North Korea-focused news outlet in 2024.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>North Korean hackers targeted ethnic Koreans in China with Android \u2018BirdCall\u2019 malware https:\/\/therecord.media\/north-korean-hackers-target-ethnic-koreans-in-china Publish Date:&#8230;<\/p>\n","protected":false},"author":1,"featured_media":209356,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/cms.therecord.media\/uploads\/1027143190_e8b07f0d7d_o_418d2c924a.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24,32],"class_list":["post-209355","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity","tag-malware"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/209355"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=209355"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/209355\/revisions"}],"predecessor-version":[{"id":209357,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/209355\/revisions\/209357"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/209356"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=209355"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=209355"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=209355"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}