Malicious Card Games Target Korean-Speaking Android Users

Cybersecurity researchers at ESET discovered a targeted attack by North Korean hackers from a group called APT

37. The attackers created or modified a collection of card games that appeared to come from a company called Sqgame. Hidden inside these games was malicious software called BirdCall that acts as a backdoor, allowing hackers to spy on users and steal information from their Android phones. The campaign specifically targeted ethnic Koreans living in China. This attack affects a specific group: people of Korean descent in China who might download Korean-language card games. If you or someone in your family downloaded card games from Sqgame or similar Korean-language gaming apps outside official app stores, your phone may be infected with spyware. The malware can access personal information, messages, photos, and potentially track your activities. If you might be affected, do this now:
38. Check your Android phone for any card game apps from Sqgame or unfamiliar Korean-language game developers. Uninstall them immediately.
39. Review your list of installed apps and remove anything you do not remember downloading or that you downloaded from outside the Google Play Store.
40. Run a security scan using a reputable mobile security app like Malwarebytes, Bitdefender, or Norton Mobile Security.
41. Check your phone's permission settings and revoke unnecessary permissions from gaming apps, especially access to contacts, messages, and location.
42. Change passwords for important accounts you access from your phone, particularly if you entered them after installing suspicious apps. Protect yourself going forward by only downloading apps from official sources like Google Play Store or Apple App Store. Even then, read reviews carefully and check the developer's reputation before installing. Be especially cautious with apps targeting specific ethnic or language communities, as these are sometimes used for targeted attacks. Keep your phone's operating system updated with the latest security patches.