VMTech

FlutterShell: macOS backdoor in fake Google/YouTube ads


Colleagues, please note: the cybersecurity community has identified Operation FlutterBridge, a campaign distributing the macOS backdoor FlutterShell via malicious Google and YouTube advertisements.

- According to Palo Alto Unit 42, the campaign is linked to JSCoreRunner (CL-CRI-1089), active since 2023.
- The attack leverages verified “shell” companies and targets macOS users in the US, Canada, Australia, France, and Germany.
- Applications are signed with Apple Developer IDs and notarized; a WebView with a JS-to-native bridge enables remote logic updates. Capabilities include command execution, file access, session theft, and traffic manipulation in Chrome.

Why this matters: malvertising bypasses vetting and increases the risk of compromising corporate Macs.

What steps are you taking to protect macOS?

#cybersecurity #macOS #malvertising #threatintel
