Sqgame[.]net gaming platform hit by network compromise
Incident
Summary
The sqgame[.]net gaming platform was compromised, and its Windows and Android software were trojanized to deliver malicious code to users, putting a regional ethnic-Korean audience at risk. The compromise appears to have been active since late 2024, and the site still hosted the malicious Android packages at the time of reporting.
Related Happenings
TrickMo C TikTok-lure campaign targeting banking and wallet users in France, Italy, and Austria
Campaign
First: 11.05.2026 18:15
Last: 11.05.2026 18:15
Sources 1
About this happening:
The **TrickMo** operators ran an active **TikTok-themed** campaign between **January and February 2026**, targeting **banking and wallet users** in **France, Italy and Austria**....
TrickMo Android banking malware adds TON-based covert command-and-control
Malware Activity
First: 11.05.2026 12:03
Last: 11.05.2026 12:03
Sources 1
About this happening:
The **TrickMo Android banking malware** has added **TON-based covert command-and-control**, making its operator infrastructure harder to identify, block, or take down for victims...
ScarCruft sqgame[.]net supply-chain espionage campaign
Campaign
First: 05.05.2026 12:07
Last: 05.05.2026 12:07
Sources 1
How related:
The supply-chain operation has likely been running since late 2024, targeting users of sqgame[.]net, a site dedicated to traditional Yanbian-themed card and board games.
About this happening:
**ScarCruft**'s **late-2024** supply-chain campaign against **sqgame[.]net** expanded a niche gaming platform compromise into a **multi-platform espionage channel**. The operation...
APT37 BirdCall Android supply-chain campaign
Campaign
First: 05.05.2026 12:04
Last: 05.05.2026 12:04
Sources 1
About this happening:
The **APT37** campaign now delivers a new **Android** variant of **BirdCall** through **trojanized APKs** on **sqgame[.]net**, expanding the operation beyond its known **Windows**...
BirdCall Android spyware variant
Malware Activity
First: 05.05.2026 12:04
Last: 05.05.2026 12:04
Sources 1
How related:
BirdCall was first identified by ESET as a Windows backdoor in 2021. The Android port, internally named zhuagou, implemented a subset of its predecessor's capabilities and saw active development across seven versions between October 2024 and June 2025.
About this happening:
The **BirdCall** Android spyware variant expanded a known **Windows** backdoor into a mobile surveillance tool with **file exfiltration** and device reconnaissance capabilities. I...
Timeline
- 05.05.2026 18:00 · 2 articles · 22d ago
Sqgame[.]net gaming platform hit by network compromise
Initial Disclosure
The compromise was established by at least **November 2024**, when the Windows update channel began serving a trojanized **mono.dll**. That initial payload set up the platform for subsequent malicious delivery to users.
- North Korean APT Targets Yanbian Gamers via Trojanized Platform — www.infosecurity-magazine.com — 05.05.2026 18:00