APT Hackers Leverage macOS Flutter Apps To Embed Malicious Codes on Devices


A sophisticated malware campaign targeting macOS devices has been uncovered, believed to be orchestrated by North Korean state-sponsored APT hackers.

The malicious actors have employed a novel technique of embedding malware within applications built using Google’s Flutter framework, marking a significant shift in their tactics.


Jamf Threat Labs discovered multiple infected applications on VirusTotal that appeared benign to antivirus scans but contained malicious code.

Researchers at Jamf Threat Labs also found that the malware samples came in three variants:

  • Flutter-built
  • Golang
  • Python

Layout of a standard Flutter application (Source – Jamf)


Flutter-Based Malware

The Flutter-based malware, disguised as a cryptocurrency-related app named “New Updates in Crypto Exchange,” presented users with a functional minesweeper game while covertly establishing connections to a domain associated with North Korean cyber operations.

Functional malicious minesweeper game (Source – Jamf)

What makes this attack particularly concerning is the malware’s ability to bypass Apple’s notarization process. Some of the infected apps were signed with legitimate Apple developer IDs, allowing them to execute without restrictions on macOS systems.

The malware’s primary function appears to be downloading and executing remote AppleScript commands, potentially enabling attackers to perform various malicious actions on compromised devices.

While it remains unclear whether these apps have been actively deployed in attacks, researchers believe this could be a testing phase for a new malware delivery method.

The use of Flutter, whose architecture naturally obscures the application code, adds a further layer of complexity for security analysts.
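The following triage helper is an added example and is not code from Jamf or from the article. It ties together three points above: the standard Flutter bundle layout, the malware's habit of fetching and running remote AppleScript, and the fact that the Dart code is compiled into a binary that is hard to read. It assumes the usual Flutter macOS layout (the `FlutterMacOS.framework` runtime and the Dart AOT snapshot at `App.framework/Versions/A/App`); the indicator patterns and the sample bundles are constructed for illustration, and `example.invalid` is a placeholder domain, not an IoC from the page.

```python
"""Triage helper for macOS app bundles: flag Flutter-built apps and pull
AppleScript-execution and remote-endpoint indicators out of the Dart snapshot.
Added example; paths follow the standard Flutter macOS layout (assumed)."""
import json
import re
import tempfile
from pathlib import Path

# Assumed Flutter macOS bundle layout: the Flutter runtime framework and the
# compiled Dart AOT snapshot, which is where the app's own logic lives.
FLUTTER_RUNTIME = Path("Contents/Frameworks/FlutterMacOS.framework")
DART_SNAPSHOT = Path("Contents/Frameworks/App.framework/Versions/A/App")

# Constructed indicator patterns: ways to run AppleScript, and URLs that could
# be used to fetch a script at runtime.
INDICATOR_PATTERNS = {
    "applescript": re.compile(rb"osascript|NSAppleScript|OSAKit", re.IGNORECASE),
    "url": re.compile(rb"https?://[A-Za-z0-9._~:/?#\[\]@!$&'()*+,;=%-]+"),
}


def is_flutter_app(bundle: Path) -> bool:
    """A bundle is treated as Flutter-built if both the runtime and snapshot exist."""
    return (bundle / FLUTTER_RUNTIME).is_dir() and (bundle / DART_SNAPSHOT).is_file()


def extract_strings(data: bytes, min_len: int = 6) -> list:
    """Pull printable ASCII runs out of a binary, like the `strings` tool."""
    return [m.group(0) for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, data)]


def scan_snapshot(bundle: Path) -> dict:
    """Match each extracted string against the indicator patterns."""
    data = (bundle / DART_SNAPSHOT).read_bytes()
    hits = {name: set() for name in INDICATOR_PATTERNS}
    for s in extract_strings(data):
        for name, pattern in INDICATOR_PATTERNS.items():
            for m in pattern.finditer(s):
                hits[name].add(m.group(0).decode("ascii", "replace"))
    return {name: sorted(values) for name, values in hits.items()}


def triage(bundle: Path) -> dict:
    """Report whether the bundle is Flutter-built and which indicators it carries.
    'suspicious' means both an AppleScript runner and a remote URL were found."""
    report = {"bundle": bundle.name, "flutter": is_flutter_app(bundle), "indicators": {}}
    if report["flutter"]:
        report["indicators"] = scan_snapshot(bundle)
    report["suspicious"] = bool(report["indicators"].get("applescript")) and bool(
        report["indicators"].get("url")
    )
    return report


def build_sample_bundle(root: Path, name: str, payload: bytes, flutter: bool = True) -> Path:
    """Create a constructed, non-functional bundle on disk for the demo."""
    bundle = root / name
    if flutter:
        (bundle / FLUTTER_RUNTIME).mkdir(parents=True, exist_ok=True)
        snapshot = bundle / DART_SNAPSHOT
        snapshot.parent.mkdir(parents=True, exist_ok=True)
        snapshot.write_bytes(b"\x00" * 32 + payload + b"\x00" * 32)
    else:
        (bundle / "Contents" / "MacOS").mkdir(parents=True, exist_ok=True)
        (bundle / "Contents" / "MacOS" / name).write_bytes(payload)
    return bundle


def demo() -> list:
    """Build three constructed bundles and triage them in order:
    Flutter app with script-fetching indicators, clean Flutter app, non-Flutter app."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        bundles = [
            build_sample_bundle(root, "CryptoUpdates.app",
                                b"Minesweeper Board\x00https://example.invalid/script.scpt\x00NSAppleScript\x00"),
            build_sample_bundle(root, "Minesweeper.app", b"Minesweeper Board\x00flutter_engine_ready\x00"),
            build_sample_bundle(root, "Plain.app", b"hello world\x00", flutter=False),
        ]
        return [triage(b) for b in bundles]


if __name__ == "__main__":
    for report in demo():
        print(json.dumps(report, indent=2))
```

Run `triage(Path("/Applications/Some.app"))` against a real bundle to get the same report; a string hit is only a lead for manual review of the snapshot and of the app's code signature, not a verdict on its own.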

This discovery highlights the evolving tactics of APT groups and underscores the importance of robust security measures, even for traditionally safer platforms like macOS.

Users are also advised to remain vigilant and to download applications only from trusted sources.
