FILTERING BY: CLEAR FILTER

MacOS Backdoor 'FlutterShell' Weaponizes Google's Flutter Framework to Bypass Apple Gatekeeper

The CL-CRI-1089 threat group is executing "Operation FlutterBridge," a macOS malvertising campaign distributing the FlutterShell backdoor via malicious Google Ads. By utilizing the Google Flutter framework, attackers develop applications that undergo Apple's notarization process, successfully bypassing Gatekeeper and traditional antivirus protections. The malware employs a "thin client" architecture, hosting core malicious logic on remote, attacker-controlled servers to evade static analysis. It leverages a hidden WebView combined with a JavaScript-to-native bridge to facilitate remote command execution (RCE) and unauthorized file system access, providing persistent remote control over compromised macOS endpoints.


LINK COPIED TO CLIPBOARD