FlutterShell Backdoor Spreads to macOS via Malicious Google and YouTube Ads
Summary
A new macOS malvertising campaign, Operation FlutterBridge, is spreading a backdoor named FlutterShell. The campaign appears to be an evolution of a previous activity cluster, JSCoreRunner, and uses malicious Google and YouTube ads to reach its targets.
IFF Assessment
FOE
This article details a new backdoor targeting macOS, indicating a growing threat to user security and privacy on the platform.
Defender Context
Defenders should be aware that malvertising campaigns can reach macOS users through ads served on otherwise legitimate platforms like Google and YouTube. Prompt patching and user education about suspicious ads are crucial to limiting the spread of backdoors like FlutterShell.