Android Malware Spotted on Popular Game Platform via ScarCruft Hackers


Android Variant of BirdCall Malware Discovered

The North Korean hacker group APT37 has been delivering an Android version of a backdoor called BirdCall in a supply-chain attack through a video game platform.

  • This marks the first public documentation of the Android variant of BirdCall, a malware family associated with APT37 since 2021.
  • The Windows version of BirdCall can record keystrokes, capture screenshots, and exfiltrate files.

According to researchers at ESET, the threat actor created BirdCall for Android around October 2024 and developed at least seven versions.

The attacks were delivered through sqgame[.]net, a Chinese site hosting games for Android, iOS, and Windows platforms. However, only Android and Windows were targeted by the ScarCruft attacks.

The particular platform caters to Koreans in the autonomous Yanbian region in China, which serves as a crossing point for North Korean defectors and refugees. The compromised platform hosted games that allowed users to unknowingly download the malicious software.

Capabilities of the Android Version

  • Extracts IP geolocation information
  • Collects contact lists, call logs, and SMS messages
  • Gathers device information such as operating system, kernel, rooted status, IMEI number, MAC address, IP address, and network details
  • Sends information about battery temperature, RAM and storage, cloud configuration, backdoor version, and file extensions of interest to the C2 server

The Android variant of BirdCall periodically captures screenshots, records audio via the microphone from 7 pm to 10 pm local time, and plays a silent MP3 in a loop to prevent the suspension of its process. It also exfiltrates files from a specified directory.
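As an added example that is not part of the original article or the ESET research, the Python helper below checks an app's AndroidManifest.xml for the combination of permissions an app would need to exercise the capabilities listed above (contacts, call logs, SMS, device identifiers, microphone capture, and a foreground service kept alive by media playback). The permission-to-capability mapping, the alert threshold, and both sample manifests are constructed assumptions for illustration, not indicators taken from the report.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumed mapping from the reported capabilities to the Android permissions
# an app must declare to use them (not taken from the report).
CAPABILITY_PERMISSIONS = {
    "contacts": {"android.permission.READ_CONTACTS"},
    "call_logs": {"android.permission.READ_CALL_LOG"},
    "sms": {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"},
    "device_ids": {"android.permission.READ_PHONE_STATE"},
    "microphone": {"android.permission.RECORD_AUDIO"},
    "keep_alive": {"android.permission.FOREGROUND_SERVICE",
                   "android.permission.FOREGROUND_SERVICE_MEDIA_PLAYBACK"},
    "storage": {"android.permission.READ_EXTERNAL_STORAGE",
                "android.permission.MANAGE_EXTERNAL_STORAGE"},
}

# Constructed sample: a "game" declaring the spyware-like permission set.
SUSPICIOUS_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.FOREGROUND_SERVICE"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
</manifest>"""

# Constructed sample: a game with voice chat that only needs the microphone.
BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
</manifest>"""

def declared_permissions(manifest_xml: str) -> set[str]:
    """Return every permission name declared in <uses-permission> elements."""
    root = ET.fromstring(manifest_xml)
    return {p.get(ANDROID_NS + "name") for p in root.iter("uses-permission")}

def matched_capabilities(manifest_xml: str) -> list[str]:
    """List the reported capabilities the declared permissions would enable."""
    perms = declared_permissions(manifest_xml)
    return sorted(cap for cap, needed in CAPABILITY_PERMISSIONS.items() if perms & needed)

def triage(manifest_xml: str, threshold: int = 4) -> tuple[list[str], bool]:
    """Flag the app when it can exercise at least `threshold` of the capabilities."""
    caps = matched_capabilities(manifest_xml)
    return caps, len(caps) >= threshold
```

A single sensitive permission is normal for many games; the signal is the breadth of the combination, so review flagged apps manually rather than treating the score as a verdict.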

Differences from the Windows Version

  • Lacks shell command execution capability
  • No traffic proxying capability
  • No targeting data from browsers and messenger apps

Users are advised to exercise caution when downloading games from untrusted sources, especially those related to gaming platforms catering to specific regions or demographics.

Mitigation Strategies

  • Only download games from trusted sources
  • Be cautious of suspicious emails or messages asking you to install software
  • Regularly update your operating system and applications
  • Use reputable antivirus software to scan your device regularly
