North Korean APT37 Targets Ethnic Koreans in China with Android 'BirdCall' Malware
North Korean hackers are targeting ethnic Koreans in China with Android malware called 'BirdCall' as part of a sophisticated espionage campaign.
North Korean state-sponsored hackers are targeting ethnic Koreans in China with Android malware, according to a report by cybersecurity firm ESET. The campaign, attributed to APT37, utilizes a backdoor delivered through a suite of card games developed by a company named Sqgame. The malware, dubbed 'BirdCall,' is designed to steal sensitive information from infected devices.
The primary targets appear to be individuals of Korean ethnicity residing in China. The attackers aim to gain access to personal data, potentially for espionage or other malicious purposes. BirdCall acts as a backdoor, allowing attackers to maintain persistent access to compromised Android devices and exfiltrate data from them.
ESET has not disclosed specific details regarding the exploitation vectors or the full extent of the compromised data. However, the firm emphasizes the ongoing threat posed by state-sponsored actors and advises users to be cautious of suspicious applications, especially those downloaded from unofficial sources. Further details on mitigation and detection are expected as the investigation continues.