North Korean hackers target macOS users with Flutter malware
Malware was most likely just an experiment, researchers claim
· TechRadarNews By Sead Fadilpašić published 13 November 2024
- Experts found six malicious apps built for macOS
- The Apple IDs used to sign the apps have been revoked
- The malware was likely just an experiment
North Korean state-sponsored threat actors have been seen targeting macOS users with fake games and crypto tracking apps built with Flutter.
Cybersecurity researchers at Jamf recently found several apps on VirusTotal which seemed completely benign, yet connected to servers in North Korea, which was deemed “stage one” malware functionality.
There are two particularly interesting details about this malware. First - it was created with Flutter, an open source user interface (UI) software development kit created by Google. It allows developers to build natively compiled applications for mobile (iOS and Android), web, and desktop (Windows, macOS, Linux) from a single codebase.
Six malicious apps
One of the apps was called 'New Updates in Crypto Exchange (2024-08-28).app', and others were labeled in a similar manner. Yet, when opened, they ran open-source minesweeper games and similar.
Flutter, which uses the Dart programming language, provides obfuscation to the malicious code by design, the researchers said. Therefore, the malware was not that easy to spot (hence appearing as benign in VirusTotal).
The second interesting detail is that the apps were signed and notarized by a legitimate Apple developer ID, which means that at some point, they passed Apple’s security checks.
Jamf found a total of six apps, five of which were signed by a working Apple developer ID. It has been revoked in the meantime.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Contact me with news and offers from other Future brandsReceive email from us on behalf of our trusted partners or sponsors