North Korean Hackers Use Flutter for Mac Malware

Researchers at Jamf Threat Labs have uncovered a sophisticated malware campaign by North Korean hackers targeting macOS devices using seemingly harmless applications built with Flutter, a framework developed by Google. The malware was found embedded in apps like 'New Updates in Crypto Exchange' and a clone of Minesweeper, which were signed and notarized by a legitimate Apple developer ID, allowing them to bypass Apple's security measures. This malware, which includes versions built with Go and Python, connects to domains linked to North Korean operations, suggesting a potential financial motivation behind the attacks. The unique code structure of Flutter applications obscures the malicious code, making them difficult to detect and reverse engineer. While the campaign appears to be more experimental than fully targeted, it raises concerns about the evolving tactics employed by North Korean cyber actors. Jamf warns that the complexity and design of these applications could pave the way for future malware strategies against macOS systems.