Spyware Hidden in Android Card Games Targets Specific Community

Cybersecurity researchers at ESET discovered that North Korean hackers placed spyware called BirdCall inside Android card games. The hackers, known as APT37, attached the malware to games from a company called Sqgame. This campaign specifically targeted ethnic Koreans living in China, making it a very focused attack rather than a widespread threat.

This attack affects a specific group of people.

If you are of Korean descent living in China and have downloaded card games from Sqgame on your Android phone, your device may be infected with spyware. For the vast majority of families in other countries or those who have not downloaded these specific games, this threat does not apply to you. The hackers were interested in a particular community, not random smartphone users. If you think you might be affected, here is what to do:

1. Check your Android phone for any card games from Sqgame and uninstall them immediately.
2. Run a security scan using a reputable mobile antivirus app.
3. Review the permissions on all your installed apps and remove any that have access to contacts, messages, or files without a clear reason.
4. Change passwords on accounts you accessed from your phone.
5. Consider doing a factory reset of your phone if you are certain you had the infected games installed. This incident reminds us to be careful about where we download apps. Only download apps from the official Google Play Store, and even then, check reviews and ratings carefully. Avoid downloading games or apps from unfamiliar companies or third party websites. Pay attention to what permissions apps request. A simple card game should not need access to your contacts, messages, or camera.