BBS:      TELESC.NET.BR
Subject:  North Korean hackers target gamers
From:     Mike Powell
Date:     Thu, 7 May 2026 09:40:24 -0500
-----------------------------------------------------------
 * Originally in: SF_Gaming

North Korean hackers target gamers with trojanized platform - here's what to 
look out for

Date:
Wed, 06 May 2026 22:20:00 +0000

Description:
Popular game platform was compromised and used to deliver backdoors.

FULL STORY
North Korean state-sponsored threat actors are apparently targeting their 
compatriots living in (or moving through) China with advanced Android 
backdoors across gaming platforms. 

A report from security researchers ESET claims to have seen an advanced 
supply-chain attack that probably began in late 2024. The threat actors, most 
likely ScarCruft (also known as APT37, or Reaper), managed to compromise 
SQgame, a multi-platform gaming service built specifically for the people of 
Yanbian. The Yanbian Korean Autonomous Prefecture is an autonomous prefecture 
in China's Jilin Province. It is located near the border with North Korea and 
Russia, and was established to give administrative autonomy to the large 
population of ethnic Koreans living there. According to ESET, Yanbian is also 
a key crossing point for North Korean refugees and defectors, which could be 
one of the reasons why it's being targeted.

"In the attack, probably ongoing since late 2024, ScarCruft compromised 
Windows and Android components of a video game platform dedicated to 
Yanbian-themed games, trojanizing them with a backdoor," ESET said. 

The backdoor is called BirdCall and, depending on the platform it is 
installed on, can do different things. On Windows, it can grab screenshots, 
log keystrokes, steal the contents of the clipboard, execute shell commands, 
and exfiltrate data. All of the stolen info is then uploaded to legitimate 
cloud services such as Dropbox or pCloud. 

On Android, things are a bit different, allowing ScarCruft to also exfiltrate 
contact lists, SMS messages, call logs, media files, documents, screenshots, 
and even ambient audio. So far, the malware has been updated seven times, 
leading researchers to believe it is being actively maintained. 

ESET says that the platform is still hosting malicious games. However, these 
seem to be limited to the Android platform.

Link to news story:
https://www.techradar.com/pro/security/north-korean-hackers-target-gamers-with-trojanized-platform-heres-what-to-look-out-for

--- MultiMail/DOS
 * Origin: Capitol City Hub (1:2320/105)
