China

AppWizard
May 9, 2026
Tech Digital Labs has launched KING VPN, a mobile application for Android users in the United States, designed for easy VPN access. The app is available on Google Play, categorized as an Android tools app, and has over 100,000 downloads. It features a user-friendly interface suitable for users aged three and above, with a one-tap connection to various VPN server locations, including the United States, United Kingdom, Russia, China, and Turkey. The app prioritizes user privacy by not sharing or collecting data. The latest update was released on March 30, 2026, which included bug fixes and enhancements. Tech Digital Labs also provides digital marketing services, website development, and mobile app creation.
BetaBeacon
May 6, 2026
- ScarCruft, also known as APT37 or Reaper, is a North Korean espionage group targeting government, military organizations, and companies in Asia.
- BirdCall is a Windows backdoor attributed to ScarCruft, with spying capabilities such as taking screenshots and logging keystrokes.
- The Android version of BirdCall collects contacts, SMS messages, call logs, and media files, and was actively developed over several months.
- The BirdCall backdoor was discovered in a trojanized card game on a gaming platform tailored for ethnic Koreans living in Yanbian, China.
- The attack was likely aimed at collecting information on individuals from the Yanbian region deemed of interest to the North Korean regime, such as refugees or defectors.
BetaBeacon
May 5, 2026
ScarCruft compromised a video game platform in a supply chain attack, trojanizing its components with a backdoor called BirdCall to target ethnic Koreans residing in China. The attack enabled the threat actors to target both Windows and Android devices, turning it into a multi-platform threat. The campaign targeted sqgame[.]net, a gaming platform used by ethnic Koreans in China, known as a transit point for North Korean defectors. BirdCall has features like screenshot capture, keystroke logging, and data gathering, and relies on legitimate cloud services for command-and-control. The Android variant collects various data and has seen active development.
BetaBeacon
May 5, 2026
APT37, also known as ScarCruft and Ricochet Chollima, has developed an Android version of the backdoor BirdCall, which serves as spyware in addition to a backdoor. The malware was delivered through a Chinese website that hosts games for Android, iOS, and Windows, targeting only Android and Windows systems. The Android variant of BirdCall has capabilities such as extracting IP geolocation information, collecting contact lists, call logs, SMS data, device information, taking screenshots, recording audio, and exfiltrating files. Users are advised to download software only from official marketplaces and trusted publisher sites to protect against malware infections.
AppWizard
May 5, 2026
A North Korean hacking group has targeted a digital gaming platform popular among the Korean ethnic enclave in China, using a sophisticated strategy to infiltrate Android applications. Researchers from ESET discovered that an app on the platform contained a backdoor known as BirdCall, linked to North Korea. The official website for the gaming platform hosted the same suspicious APK file. A second Android file associated with another game on the same site was also found to contain the BirdCall backdoor. This supply-chain attack was attributed to the threat actor ScarCruft (APT37), active in Asia and extending into Europe and the Middle East since late 2024. The hackers likely compromised the web server to recompile original APKs with the backdoor, which can collect sensitive information such as contacts, SMS messages, call logs, documents, media files, and private keys, and can take screenshots and record audio. The malware disguises its command and control traffic among regular internet traffic, primarily using Zoho WorkDrive for operations.
AppWizard
May 4, 2026
The Xteink S4 e-reader has launched in China and will be released internationally soon. It operates on Google Android, allowing users to sideload e-reading apps like Kindle and KOBO. The retail price is projected to be budget-friendly. Key specifications include a 4.3-inch display, Android 11, 2GB RAM, 32GB storage, adjustable front light, USB-C charging, Wi-Fi and Bluetooth connectivity, and a 1400mAh battery, all in a lightweight design of 95g. The Xteink S4 is designed to address issues from previous models, particularly the S3 and X4, which faced problems with jailbreaking that led to screen damage and warranty returns. The new Android framework allows for user customization, aiming to enhance the reading experience and reduce technical issues.
AppWizard
April 30, 2026
The ownership of Wuchang: Fallen Feathers has transitioned to the Italian gaming company Digital Bros., the parent entity of 505 Games. The game, which received mixed reviews, sold over one million copies and generated more than €30 million in revenue. Digital Bros. acquired the intellectual property for RMB 32 million. The acquisition follows a controversial patch that altered the game's storyline and historical figures. Internal issues at the development studio, Leenzee, led to the game director's layoff and the studio's eventual dissolution.
AppWizard
April 29, 2026
Players can look forward to the reimagined Golmud Railway map in Season 3 of Battlefield 6, originally launched in 2013 as the largest map in Battlefield 4. The new version, set in Tajikistan, aims to enhance gameplay by addressing limitations of the original, featuring a strategic battle for control of a moving train that advances toward enemy headquarters. The map will offer a more immersive environment with an expanded layout for infantry and vehicle combat, improved traversal for players without vehicles, and opportunities for aerial combat. Significant terrain adjustments have been made for balance, including repositioning the mountain range and modifying boundaries. The launch date is expected to be Tuesday, May 12.
AppWizard
April 25, 2026
McAfee researchers discovered a complex Android rootkit campaign, dubbed Operation NoVoice, that infiltrated 50 applications on Google Play, exploiting kernel vulnerabilities that had already been patched but whose fixes had not been installed on the affected devices. The malware was resilient enough to survive factory resets and was concealed within seemingly benign apps, which collectively garnered 2.3 million downloads. The malicious payload was hidden in the com.facebook.utils package and used steganography to embed an encrypted payload within a PNG image. The malware conducted multiple checks to avoid detection and established contact with a command-and-control server, polling for exploit packages every 60 seconds. It utilized 22 distinct exploits, including vulnerabilities that had received patches between 2016 and 2021. The malware disabled SELinux enforcement and installed a persistent rootkit that could survive factory resets. Google confirmed the removal of the infected apps but noted that users who had already downloaded them remained at risk, especially if their devices were running unpatched Android versions. McAfee advised affected users to treat their devices as compromised and consider professional inspection or hardware-level storage wiping for remediation.