ScarCruft's Supply-Chain Attack Targets Yanbian Gaming Platform with BirdCall Malware
ID: 1e85be25-9565-5ad7-8abc-a3f9af9f3d84
STIX ID: report--1e85be25-9565-5ad7-8abc-a3f9af9f3d84
Feed Name: ThreatCluster
ESET researchers reported that North Korean APT ScarCruft conducted a supply-chain attack against the Yanbian gaming platform sqgame.net, trojanizing Windows and Android components with the BirdCall backdoor (Android versions observed Oct 2024–Jun 2025; Windows variant known since 2021). The campaign targets ethnic Koreans and North Korean defectors for intelligence collection and routes C2 through cloud storage services. Malicious APKs remain available on the site despite ESET's notification.
