FlutterShell Backdoor Targets macOS Users via Malicious Ads
A new cybersecurity threat, known as the FlutterShell backdoor, is targeting macOS users through a malvertising campaign called Operation FlutterBridge. According to Palo Alto Networks Unit 42, this campaign is an evolution of a previous activity cluster named JSCoreRunner. The attackers, identified as CL-CRI-1089, have been active since at least 2023. FlutterShell, built using the Flutter framework, infects systems with adware and possesses backdoor capabilities, including shell command execution and file system manipulation. The campaign uses malicious Google and YouTube ads to lure users into downloading malware disguised as legitimate applications. These ads are distributed by shell companies linked to Ukrainian individuals and target users in the U.S., Canada, Australia, France, and Germany.