BTC $71,807
2026 Bull Run Is Building Start trading with 5% OFF all fees
Sign Up Now
BTC $71,807
Bull Run 2026 | 5% Off Fees Open your Binance account today
Sign Up

ScarCruft Hacks Game Platform in Espionage Attack

ScarCruft group hacks video game platform to deploy BirdCall backdoor, targeting ethnic Koreans for espionage.

  • The North Korean ScarCruft hacking group compromised a video game platform to deploy the BirdCall backdoor, targeting ethnic Koreans.
  • This supply chain attack, ongoing since late 2024, marks a shift for the group by enabling multi-platform espionage against both Windows and Android users.
  • The infected platform, sqgame[.]net, is used in a border region of China that serves as a transit point for North Korean defectors.
  • BirdCall provides extensive surveillance capabilities, including screenshot capture, data theft, and audio recording.

The North Korean state-sponsored hacking group ScarCruft has been implicated in a long-running cyber espionage campaign, compromising a gaming platform since late 2024 to target ethnic Koreans in China. According to a report from ESET shared with The Hacker News, the attackers trojanized the platform’s components with a backdoor called BirdCall.

- Advertisement -

This supply chain attack represents a strategic evolution for the threat actors. Consequently, it enabled them to expand beyond their usual Windows focus and target Android devices for the first time in this operation.

The compromised platform, sqgame[.]net, hosts games for the Yanbian region bordering North Korea. “In the attack, probably ongoing since late 2024, ScarCruft compromised Windows and Android components of a video game platform dedicated to Yanbian-themed games,” the Slovakian cybersecurity company said.

Previous versions of the malware, an evolution of RokRAT, have been detected since 2021. The BirdCall backdoor itself provides capabilities for screenshot capture, keystroke logging, and data exfiltration.

For command-and-control communications, the malware leverages legitimate cloud services like Dropbox and pCloud. The Android variant specifically collects contact lists, SMS messages, call logs, and ambient audio.

- Advertisement -

Evidence suggests the Windows desktop client update package delivered a malicious DLL starting in November 2024. However, that specific package is no longer serving the trojanized component.

The Android attack specifically poisoned the download pages for two games on the platform. These pages were altered to serve malicious APKs containing the surveillance backdoor.

“The Android backdoor has seen active development, and provides surveillance capabilities, such as collection of personal data and documents, taking screenshots, and making voice recordings,” ESET concluded. The campaign aligns with ScarCruft’s known focus on North Korean defectors and activists.

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

Previous Articles:

- Advertisement -
Ad
Altseason Is Loading. Don't watch from the sidelines.
SOL $90.51
DOGE $0.0963
LINK $9.02
SUI $1.00
5% off fees when you sign up
Start Trading
Ad
Pay Less on Every Trade. For Life.
$10K/mo volume Save $60/yr
$50K/mo volume Save $300/yr
$100K/mo volume Save $600/yr
5% off all trading fees when you sign up
Claim Your Discount

Latest News

Bitcoin Data Strong Amid Selling and Yield Fears

Despite a zero ByteTrend score, the Bitcoin network's weekly on-chain transaction value is $13.5...

Ohio County Paid $1M After Data Heist

Union County, Ohio, paid roughly $1 million in Bitcoin to the cyber group Kairos...

Bitcoin’s 2026 Outlook: Sideways Trading Before Any Big Rally

Bitcoin is currently trading between $58,000 and $62,000, a steep drop from its October...

North Korean PolinRider Hackers Publish 108 Malicious Packages

North Korean-linked threat actors, known as Contagious Interview, have expanded their PolinRider supply-chain campaign...

FatFs Flaws Let Malicious Media Hijack Millions of Devices

Seven vulnerabilities (CVE-2026-6682 to CVE-2026- 6688) were found in the widely used FatFs filesystem library,...

Must Read

5 Best Crypto Jobs Sites To Land Your Next Six Figure Job

The cryptocurrency and blockchain job market has exploded. With new blockchain start-ups and projects being founded at a blistering pace, the demand for workers...
Ad
Altseason Is Loading. These 4 coins are trending right now.
SOL $92.12
DOGE $0.0950
LINK $9.02
SUI $1.02
5% off spot fees when you sign up
Start Trading