N. Korea's ScarCruft Targets Ethnic Koreans With Android Malware
7 May
Summary
- ScarCruft compromised a gaming platform for ethnic Koreans in China.
- BirdCall malware exfiltrates data from Windows and Android devices.
- The malware actively targets ethnic Koreans and defectors in China.

North Korean state-sponsored threat actors, identified as ScarCruft (APT37), are conducting a supply-chain attack targeting ethnic Koreans in China. Since late 2024, they have compromised SQgame, a Windows and Android gaming platform popular in the Yanbian Korean Autonomous Prefecture. This region is known for its ethnic Korean population and as a transit point for North Korean defectors.
The trojanized platform delivers a backdoor named BirdCall. On Windows, BirdCall facilitates data theft, screenshot capture, and keystroke logging, uploading sensitive information to cloud services. The Android version of BirdCall is more intrusive, exfiltrating contact lists, SMS messages, call logs, media files, documents, and even ambient audio recordings.
Researchers indicate that the BirdCall malware is under active development, with multiple updates observed. Malicious games from the compromised platform are reportedly still accessible, specifically on the Android OS. The persistent targeting suggests a continued focus on ethnic Koreans and defectors within China.