Keypoints
- APT37 (aka ScarCruft/Ricochet Chollima) delivered an Android variant of the BirdCall backdoor through trojanized APKs hosted on the compromised sqgame[.]net game platform.
- ESET researchers found the Android BirdCall was developed around October 2024 and exists in at least seven versions.
- The Android variant collects contacts, call logs, SMS messages, device identifiers, geolocation, screenshots, and audio recordings, and exfiltrates these along with files and system information to a C2 server.
- The Android build lacks several Windows BirdCall features, such as shell command execution, traffic proxying, browser/messenger targeting, and process killing.
- Users are advised to install apps only from official marketplaces and trusted publishers, since the infection vector here was a legitimate-looking platform serving tampered APKs.
North Korean APT37 has been delivering an Android variant of the BirdCall backdoor via a supply-chain compromise of the sqgame[.]net video game platform. ESET observed trojanized APKs with extensive spyware capabilities, including contact and SMS theft, geolocation, screenshots, scheduled audio recording, and file exfiltration, targeting users in the Yanbian region. #BirdCall #APT37 #ScarCruft #sqgame