CRITICAL ⚡ MUST-KNOW

ScarCruft Compromises Gaming Platform to Deploy BirdCall Backdoor on Android and Windows

supply-chain · malware · zero-day

North Korea-aligned APT37 (ScarCruft) has compromised a video game platform in a supply chain attack, trojanizing its distributed components with BirdCall, a custom backdoor. Unlike prior BirdCall campaigns that targeted Windows exclusively, this operation also delivers an Android variant, significantly expanding the attack surface. The likely target population is ethnic Koreans residing in China. The compromised platform’s update or installer mechanism serves as the delivery vehicle, meaning users who updated or installed the software during the attack window may be affected. Organizations with employees who use third-party gaming platforms on work or personal devices should review those devices for indicators from this campaign.