FlutterShell Backdoor Spreads to macOS via Malicious Google and YouTube Ads


What’s new: A new macOS backdoor named FlutterShell is being spread through malicious Google and YouTube ads as part of a campaign called Operation FlutterBridge. This malware, built using the Flutter framework, has capabilities for adware distribution, shell command execution, and file system manipulation. It modifies Google Chrome configurations to redirect traffic through an attacker-controlled site. The campaign is linked to a group known as CL-CRI-1089, which has been active since at least 2023.

Who’s affected

macOS users in the U.S., Canada, Australia, France, and Germany are primarily targeted by this campaign. The malware is distributed via ads from Google-verified shell companies, which have connections to Ukrainian individuals.

What to do

  • Monitor and review browser configurations for unauthorized changes.
  • Implement ad-blocking solutions to mitigate exposure to malicious ads.
  • Regularly update and patch systems to protect against known vulnerabilities.
  • Educate users about the risks of downloading software from unverified sources.
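As an added illustration of the first recommendation (this is not code from the original article or from the researchers who reported the campaign), the Python snippet below snapshots the traffic-steering settings in a Chrome profile's Preferences file and reports which ones changed against a saved baseline. Which settings FlutterShell actually edits is not stated above, so the watched keys and the sample profiles are assumptions.

```python
import json
import hashlib
import os

# Keys in Chrome's per-profile Preferences JSON that can steer where browser
# traffic goes. The set is an assumption: the advisory does not name the keys
# that the backdoor modifies, so extend it to fit your own baseline.
WATCHED_PATHS = (
    ("proxy", "mode"),
    ("proxy", "server"),
    ("proxy", "pac_url"),
    ("homepage",),
    ("session", "startup_urls"),
    ("default_search_provider_data", "template_url_data", "url"),
)

# Default profile location on macOS (the only platform the campaign targets).
DEFAULT_PREFS_PATH = os.path.expanduser(
    "~/Library/Application Support/Google/Chrome/Default/Preferences")

def _lookup(prefs, path):
    """Walk a nested dict by key path; None when any key is missing."""
    node = prefs
    for key in path:
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node

def snapshot(prefs_text):
    """Reduce a Preferences JSON document to the watched settings plus a digest."""
    prefs = json.loads(prefs_text)
    snap = {".".join(p): _lookup(prefs, p) for p in WATCHED_PATHS}
    canonical = json.dumps(snap, sort_keys=True).encode()
    snap["_digest"] = hashlib.sha256(canonical).hexdigest()
    return snap

def diff_snapshots(baseline, current):
    """Return {setting: (old, new)} for every watched setting that changed."""
    return {k: (baseline.get(k), current.get(k))
            for k in baseline if k != "_digest" and baseline.get(k) != current.get(k)}

def snapshot_file(path=DEFAULT_PREFS_PATH):
    """Snapshot a real profile; store the result as the baseline for later diffs."""
    with open(path, encoding="utf-8") as fh:
        return snapshot(fh.read())

# Constructed sample profiles (not captured from a real infection).
BASELINE_PREFS = json.dumps({"homepage": "https://example.org",
                             "session": {"startup_urls": ["https://example.org"]}})
TAMPERED_PREFS = json.dumps({"homepage": "https://example.org",
                             "session": {"startup_urls": ["https://example.org"]},
                             "proxy": {"mode": "fixed_servers",
                                       "server": "redirect.invalid:8080"}})
```

Run `snapshot_file()` once on a known-good machine, store the result, and alert when `diff_snapshots` against a fresh snapshot is non-empty.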

Sources