October 2024 Archives

BetaBeacon

May 6, 2026

A rigged game: ScarCruft compromises gaming platform in a supply-chain attack

- ScarCruft, also known as APT37 or Reaper, is a North Korean espionage group targeting government, military organizations, and companies in Asia. - BirdCall is a Windows backdoor attributed to ScarCruft, with spying capabilities such as taking screenshots and logging keystrokes. - The Android version of BirdCall collects contacts, SMS messages, call logs, and media files, and was actively developed over several months. - The BirdCall backdoor was discovered in a trojanized card game on a gaming platform tailored for ethnic Koreans living in Yanbian, China. - The attack was likely aimed at collecting information on individuals from the Yanbian region deemed of interest to the North Korean regime, such as refugees or defectors.

BetaBeacon

May 5, 2026

ScarCruft Hacks Gaming Platform to Deploy BirdCall Malware on Android and Windows

ScarCruft compromised a video game platform in a supply chain attack, trojanizing its components with a backdoor called BirdCall to target ethnic Koreans residing in China. The attack enabled the threat actors to target both Windows and Android devices, turning it into a multi-platform threat. The campaign targeted sqgame[.]net, a gaming platform used by ethnic Koreans in China, known as a transit point for North Korean defectors. BirdCall has features like screenshot capture, keystroke logging, and data gathering, and relies on legitimate cloud services for command-and-control. The Android variant collects various data and has seen active development.

BetaBeacon

May 5, 2026

ScarCruft hackers push BirdCall Android malware via game platform

APT37, also known as ScarCruft and Ricochet Chollima, has developed an Android version of the backdoor BirdCall, which serves as spyware in addition to a backdoor. The malware was delivered through a Chinese website that hosts games for Android, iOS, and Windows, targeting only Android and Windows systems. The Android variant of BirdCall has capabilities such as extracting IP geolocation information, collecting contact lists, call logs, SMS data, device information, taking screenshots, recording audio, and exfiltrating files. Users are advised to download software only from official marketplaces and trusted publisher sites to protect against malware infections.

Winsage

April 29, 2026

Microsoft stopped protecting Windows 10 — The fix is only $10

Windows 10 support ended in October 2024, leaving systems vulnerable to security threats. A lifetime license for Windows 11 Pro is currently available for .97, regularly priced at 9, with the offer expiring on May 3 at 11:59 PM. Windows 11 Pro includes features such as Microsoft Copilot, TPM 2.0, BitLocker encryption, Smart App Control, biometric recognition, Snap Layouts, improved memory management, DirectX 12 Ultimate, Windows Sandbox, and Hyper-V.

Winsage

April 24, 2026

Microsoft to roll out Entra passkeys on Windows in late April

Microsoft will introduce passkey support for phishing-resistant passwordless authentication on Microsoft Entra-protected resources starting in late April, with broader availability expected by mid-June 2026. This feature will allow passwordless sign-in on unmanaged Windows devices and will support various device types, including corporate, personal, and shared options. Administrators can manage passkeys through Conditional Access and Authentication Methods policies. Users can create device-bound passkeys stored securely within the Windows Hello container, using methods like facial recognition, fingerprint scanning, or a PIN. The passkeys will adhere to FIDO2 standards and will be securely bound to individual devices, preventing transmission over the network to enhance security against phishing and malware attacks. Microsoft has also announced plans for mandatory multifactor authentication registration for Entra tenants by October 2024 and that all new accounts will be passwordless by default starting in May 2025.

AppWizard

April 15, 2026

Aptoide sues Google for Android app store monopoly

Aptoide, a Portuguese app store company, has filed an antitrust lawsuit against Google in a federal court in San Francisco, alleging that Google is monopolizing the distribution of Android applications and payment processing. Aptoide claims that Google's practices hinder its ability to compete, despite offering lower commissions and more affordable options. The lawsuit seeks court orders to stop these practices and demands triple damages. Aptoide previously won a legal case against Google in 2018 regarding the removal of its app without user consent and was involved in the European Commission's Android antitrust case that resulted in a €4.34 billion fine against Google. The lawsuit comes amid increased scrutiny of Google's business practices, including a December 2023 jury ruling that found Google maintained an illegal monopoly in Android app distribution and in-app billing. Following this ruling, a U.S. District Court ordered Google to implement reforms to enhance competition within the Android ecosystem. Additionally, a proposed settlement between Google and Epic Games aims to facilitate the installation of third-party app stores and allow alternative payment methods. In August 2024, a U.S. District Court identified Google as a monopolist in the general search market, citing exclusionary agreements that restrict competition. Aptoide's lawsuit reflects concerns among smaller competitors about Google's influence over Android app distribution despite ongoing legal challenges.

Winsage

April 9, 2026

This fake Windows support website delivers password-stealing malware

A phishing campaign has been identified that uses a counterfeit Microsoft support website, microsoft-update[.]support, to trick users into downloading a malicious Windows update disguised as WindowsUpdate 1.0.0.msi. This file, created on April 4, 2026, appears legitimate but contains malware designed to steal sensitive information. The campaign targets French-speaking users, leveraging recent data breaches in France to create convincing scams. The malware, once executed, installs an Electron application that runs a Python interpreter, which then deploys various data theft tools. It employs two persistence mechanisms: modifying the Windows registry and creating a shortcut in the Startup folder. The malware connects to external sites for reconnaissance and data exfiltration, using domains like datawebsync-lvmv.onrender[.]com and store8.gofile[.]io. The malware's components have evaded detection by antivirus tools, with VirusTotal reporting zero detections for the main executable and its launcher. Users are advised to check their registry, remove suspicious files, change passwords, and run a full system scan if they suspect installation of the malicious update. Safe updating practices include using the built-in Windows update feature and being cautious of phishing attempts. Indicators of compromise include specific file hashes, domains associated with the phishing campaign, and file system artifacts related to the malware's installation.

AppWizard

April 7, 2026

Age of Empires esports is very much alive, as London Wololo beats AO2 and 4 records

Wololo: Londinium, held from April 1 to April 6, showcased competition in Age of Empires 2: Definitive Edition and Age of Empires 4, featuring a prize pool of 0,000 and attracting thousands of fans at the Royal Albert Hall. Hamzah 'Hera' El-Baher won the AoE 2 crown, while Alexis 'MarineLorD' Eusebio defeated Daniel 'Wam01' Svoboda. The event peaked at 109,748 viewers and accumulated 1,470,424 hours of watch time, making it the most-watched esports event for Age of Empires 2. It surpassed the previous viewer record of 85,848 from Wololo: El Reinado and set a new peak for Age of Empires 4 with MarineLorD's match attracting 66,705 viewers.

Winsage

April 5, 2026

Claude Cowork and Claude Code Can Now Control Your Windows Desktop

On April 3, 2026, Anthropic expanded Claude’s desktop control feature to Windows for Pro and Max subscribers, allowing users to operate applications, navigate web pages, and manage files on their PCs without prior configuration. The feature is in research preview and includes a Dispatch companion for task assignment from mobile devices. Claude uses a structured tool hierarchy for task execution, prioritizing connectors like Slack and Google Calendar, and engages in direct desktop control only when necessary. Users must opt in to activate the feature, which integrates with existing software without requiring API keys. The technology is partly derived from Anthropic’s acquisition of Vercept AI, which specializes in AI-driven computer control. Security concerns have arisen due to vulnerabilities demonstrated shortly after the launch, prompting Anthropic to implement safeguards while acknowledging the feature's potential errors. Users can stop Claude's operations, but the company admits it cannot disable the technology remotely once tasks have started. Competitors like Microsoft and Google are also exploring similar desktop-level AI automation capabilities.

AppWizard

April 3, 2026

A State of Decay 3 playtest is finally happening, after almost two years of radio silence

Undead Labs has announced a technical alpha playtest for State of Decay 3, set to begin in May. This marks the first step toward the game's full release, following its initial unveiling in 2020. The playtest will feature four-player co-op gameplay, base-building mechanics, resource management, and combat scenarios. Players can sign up on the official website, but slots are limited, and participants must connect their email and Discord accounts and complete a questionnaire to qualify. The playtest will have multiple testing windows, allowing additional chances for players to join if not selected initially.