TTPwire Vol. 1 · MITRE ATT&CK·Tagged


GBHackers

ScarCruft Targets Gaming Platform With Windows, Android Backdoors

Mayura Kathir · 1 day ago

ATT&CK techniques detected

5 predictions
T1195.002 · Compromise Software Supply Chain · 74%
“desktop client received malicious updates through a compromised mono.dll library hosted at the platform’s update server. the apk available for download on the official website is the same as the apk initially found on virustotal. the trojanized dll contains a downloader that f…”

T1105 · Ingress Tool Transfer · 46%
“desktop client received malicious updates through a compromised mono.dll library hosted at the platform’s update server. the apk available for download on the official website is the same as the apk initially found on virustotal. the trojanized dll contains a downloader that f…”

T1036.005 · Match Legitimate Resource Name or Location · 38%
“desktop client received malicious updates through a compromised mono.dll library hosted at the platform’s update server. the apk available for download on the official website is the same as the apk initially found on virustotal. the trojanized dll contains a downloader that f…”

T1574 · Hijack Execution Flow · 33%
“desktop client received malicious updates through a compromised mono.dll library hosted at the platform’s update server. the apk available for download on the official website is the same as the apk initially found on virustotal. the trojanized dll contains a downloader that f…”

T1056.001 · Keylogging · 32%
“s capabilities, focusing on data collection and surveillance. it harvests contacts, sms messages, call logs, documents, and media files with specific extensions including .doc, .docx, .xls, .xlsx, .ppt, .pptx, .txt, .hwp, .pdf, .jpg, .m4a, and .p12. the targeting of .hwp files us…”

Summary

A sophisticated multiplatform supply-chain attack orchestrated by the North Korea-aligned APT group ScarCruft targeted ethnic Koreans in China’s Yanbian region through a compromised gaming platform. The attack, believed to have been ongoing since late 2024, weaponized both Windows and Android components of sqgame[.]net, a video game platform that hosts traditional Yanbian-themed card and board games. […]
