A North Korean hacking group, APT37, also known as ScarCruft, has been distributing a malicious Android backdoor called BirdCall through a compromised video game platform. This supply-chain attack allows the hackers to gain unauthorized access to Android devices, potentially enabling them to exfiltrate sensitive information or disrupt operations. The BirdCall malware is a significant concern due to its ability to evade detection and provide attackers with remote control capabilities. The fact that APT37 is involved suggests a geopolitical motivation behind the attack, rather than a purely financial one [1]. This shift in threat model requires a different approach to mitigation and response, as state-aligned actors often have more resources and capabilities at their disposal. The use of a game platform as a delivery mechanism also highlights the need for increased vigilance in the app development and distribution ecosystem. This attack matters to practitioners because it underscores the importance of considering geopolitical factors in threat assessments.