
"ScarCruft compromised Windows and Android components of a video game platform dedicated to Yanbian-themed games, trojanizing them with a backdoor. The attack has likely been ongoing since late 2024."
"BirdCall comes fitted with features typically present in a backdoor, enabling screenshot capture, keystroke logging, clipboard content theft, shell command execution, and data gathering."
"The targeting of sqgame[.]net is a deliberate strategy given ScarCruft's history of targeting North Korean defectors, human rights activists, and university professors."
ScarCruft, a state-sponsored hacking group aligned with North Korea, has compromised a video game platform and planted a backdoor named BirdCall in it to target ethnic Koreans in China. This supply chain attack has expanded the malware's reach to Android devices, making it a multi-platform threat. The campaign specifically targets sqgame[.]net, a platform significant for North Korean defectors. BirdCall's features include screenshot capture, keystroke logging, and data gathering, and it uses legitimate cloud services for command-and-control operations.
Read at The Hacker News