New Delhi | A new Android spyware campaign attributed to the North Korean hacking group APT37, also known as ScarCruft, has been detected spreading through gaming platforms. The operation is being described as a supply-chain attack: trojanized APK files are hosted on gaming websites and downloaded by users who believe they are installing legitimate games.
The malware, tracked as BirdCall, was earlier known as a Windows-based backdoor, but cybersecurity experts say it has now been ported to an Android variant capable of turning a mobile device into a full-fledged surveillance tool. The malware not only steals sensitive data but also continuously monitors user activity in the background.
According to reports, the spyware can access contact lists, call logs, SMS messages, location data, IMEI numbers, MAC addresses, and detailed network information. It also collects system-level data such as battery status, RAM usage, and storage details, which can be transmitted to remote servers to build a complete digital profile of the victim.
One of the most alarming capabilities of this malware is its ability to activate the microphone and record audio between 7 PM and 10 PM local time. It can also capture screenshots and exfiltrate files, raising serious concerns about the exposure of personal documents and confidential data.
Security researchers note that the infection was spread through a Chinese gaming platform hosting games for both Android and Windows. The game APKs were repackaged with the malicious code, so users who downloaded and installed a game unknowingly installed the spyware alongside it.
A researcher from ‘Algoritha Security’ stated that modern cyberattacks are no longer limited to simple data theft. Instead, they now focus on continuous surveillance and behavioral tracking, which significantly increases risks to a user’s entire digital identity.
Cybercrime expert and former IPS officer Prof. Triveni Singh said, “Social engineering and fake applications have become one of the most dangerous forms of cybercrime today. In many cases, users themselves end up installing malicious software. These spyware tools silently collect data and remain active on devices for long periods without detection.”
Investigations further reveal that while the Android version of BirdCall is still less advanced compared to its Windows counterpart, it is being actively updated. Experts warn that future versions may expand capabilities to target banking credentials and messaging applications.
APT37, the group behind this campaign, has previously been linked to multiple cyber espionage tools, including KoSpy and M2RAT. The group is known for targeting both mobile and Windows environments for intelligence-gathering operations.
Cybersecurity experts strongly advise users to download applications only from official app stores and avoid third-party APK files, which are increasingly being used as infection vectors in such attacks.
They further recommend avoiding suspicious links, modified gaming apps, and APK files shared through social media platforms. Once a device is compromised, data that has already been exfiltrated cannot be recalled, and the surveillance risk persists for as long as the implant remains installed.
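The data the article says BirdCall harvests (contacts, call logs, SMS, location, IMEI and microphone audio) each require a specific Android permission, and the advice above boils down to not trusting packages that did not come from an official store. The following added example, which is not part of the article or of any researcher's tooling, turns those two facts into a triage check: it parses the output of `adb shell pm list packages -3 -i` (third-party packages with their installer) and `adb shell dumpsys package <pkg>` (the per-package permission dump), and flags sideloaded packages that request a surveillance-grade permission set. The package names, the dumpsys text and the threshold of three hits are constructed assumptions for illustration; run it against real device output by substituting the captured strings.

```python
"""Triage sideloaded Android apps for a surveillance-grade permission set.

Added example, not code from the article or from any vendor. It assumes you
have already captured two things over adb:
  adb shell pm list packages -3 -i     -> third-party packages + installer
  adb shell dumpsys package <pkg>      -> per-package permission dump
All sample strings below are constructed for illustration, not real device output.
"""
import re

# Data the article says the spyware collects, mapped to the Android
# permission an app must request in order to read it.
SURVEILLANCE_PERMISSIONS = {
    "android.permission.READ_CONTACTS": "contact list",
    "android.permission.READ_CALL_LOG": "call logs",
    "android.permission.READ_SMS": "SMS messages",
    "android.permission.ACCESS_FINE_LOCATION": "location",
    "android.permission.READ_PHONE_STATE": "IMEI / device identifiers",
    "android.permission.RECORD_AUDIO": "microphone",
}

# Installers a user would normally trust. Google Play is listed; add OEM
# stores as appropriate (assumption: anything else counts as a sideload).
TRUSTED_INSTALLERS = {"com.android.vending"}
MIN_HITS = 3  # constructed threshold: flag at three or more surveillance permissions

PKG_RE = re.compile(r"^package:(\S+)\s+installer=(\S+)\s*$")
PERM_RE = re.compile(r"^([\w.]+\.permission\.[A-Z0-9_]+)")


def parse_package_list(text):
    """Parse `pm list packages -3 -i` output into {package: installer or None}."""
    pkgs = {}
    for line in text.splitlines():
        m = PKG_RE.match(line.strip())
        if m:
            name, installer = m.groups()
            pkgs[name] = None if installer == "null" else installer
    return pkgs


def parse_requested_permissions(dumpsys_text):
    """Collect permission names listed under 'requested permissions:' in dumpsys output."""
    perms = set()
    in_section = False
    for raw in dumpsys_text.splitlines():
        line = raw.strip()
        if line == "requested permissions:":
            in_section = True
            continue
        if not in_section:
            continue
        m = PERM_RE.match(line)
        if m:
            perms.add(m.group(1))
        elif line.endswith(":"):  # a new dumpsys section starts; stop collecting
            in_section = False
    return perms


def triage(package_list_text, dumpsys_by_package):
    """Return findings for sideloaded packages requesting MIN_HITS+ surveillance permissions."""
    findings = []
    for pkg, installer in parse_package_list(package_list_text).items():
        if installer in TRUSTED_INSTALLERS:
            continue
        requested = parse_requested_permissions(dumpsys_by_package.get(pkg, ""))
        hits = sorted(p for p in requested if p in SURVEILLANCE_PERMISSIONS)
        if len(hits) >= MIN_HITS:
            findings.append({
                "package": pkg,
                "installer": installer or "unknown (sideloaded)",
                "permissions": hits,
                "exposes": [SURVEILLANCE_PERMISSIONS[p] for p in hits],
            })
    return findings


# Constructed sample input: one trojanized game installed from a website,
# one benign sideloaded app, one game installed from Google Play.
SAMPLE_PACKAGE_LIST = """\
package:com.example.racinggame  installer=null
package:com.example.flashlight  installer=null
package:com.example.puzzle  installer=com.android.vending
"""

SAMPLE_DUMPSYS = {
    "com.example.racinggame": """\
  Package [com.example.racinggame] (7f3a1b2):
    versionName=1.4.2
    requested permissions:
      android.permission.INTERNET
      android.permission.READ_CONTACTS
      android.permission.READ_CALL_LOG
      android.permission.READ_SMS
      android.permission.ACCESS_FINE_LOCATION
      android.permission.READ_PHONE_STATE
      android.permission.RECORD_AUDIO
    install permissions:
      android.permission.INTERNET: granted=true
""",
    "com.example.flashlight": """\
  Package [com.example.flashlight] (1c9e04d):
    requested permissions:
      android.permission.INTERNET
      android.permission.FLASHLIGHT
    install permissions:
      android.permission.INTERNET: granted=true
""",
    "com.example.puzzle": """\
  Package [com.example.puzzle] (5b77e10):
    requested permissions:
      android.permission.INTERNET
      android.permission.VIBRATE
    install permissions:
      android.permission.INTERNET: granted=true
""",
}

if __name__ == "__main__":
    for f in triage(SAMPLE_PACKAGE_LIST, SAMPLE_DUMPSYS):
        print(f"{f['package']} (installer: {f['installer']}) requests "
              f"{len(f['permissions'])} surveillance permissions: {', '.join(f['exposes'])}")
```

On the sample data only com.example.racinggame is reported. A hit is a triage signal, not proof of infection: a legitimate messaging or dialer app requests several of the same permissions, so each flagged package still needs its signing certificate and download origin checked before it is judged malicious.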
Experts also believe that groups like APT37 are continuously upgrading their techniques, making cross-platform attacks more sophisticated. Supply-chain attacks in particular are expected to become more complex and harder to detect in the future.
The incident highlights evolving cybersecurity challenges, where traditional security measures are often insufficient, and digital awareness is becoming the most critical line of defense for users worldwide.