FlutterShell: macOS backdoor in fake Google/YouTube ads

Colleagues, please note: the cybersecurity community has identified Operation FlutterBridge, a campaign distributing the macOS backdoor FlutterShell via malicious Google and YouTube advertisements.
- Palo Alto Unit 42: linked to JSCoreRunner (CL-CRI-1089), active since 2023.
- The attack leverages verified “shell” companies and targets macOS users in the US, Canada, Australia, France, and Germany.
- Applications are signed with Apple Developer IDs and notarized; a WebView with a JS-to-native bridge enables remote logic updates. Capabilities include command execution, file access, session theft, and traffic manipulation in Chrome.
Why this matters: malvertising bypasses vetting and increases the risk of compromising corporate Macs.
What steps are you taking to protect macOS?
#cybersecurity #macOS #malvertising #threatintel

