North Korean hackers targeted ethnic Koreans in China with Android ‘BirdCall’ malware

ID: 49976853-bd48-5e5d-963a-419c3ee2453e

STIX ID: report--49976853-bd48-5e5d-963a-419c3ee2453e

Feed Name: The Record from Recorded Future News

Threat Score: 85/100

Date Published: 2026-05-07

Date Updated: 2026-05-11

ESET researchers attribute to the North Korean group APT37 a supply-chain campaign that delivered the BirdCall backdoor via compromised Sqgame card games. BirdCall, which has Windows and Android variants, can take screenshots, record audio/calls, and exfiltrate contacts, SMS, call logs, media files and private keys. Victims (targeted ethnic Koreans in Yanbian and likely North Korean defectors) downloaded the compromised apps directly from the web, and the malicious update package had been active since at least November 2024 before being remediated.
