
New threat targeting macOS discovered

Nov. 13, 2024, 12:58 p.m.

Description

Jamf Threat Labs uncovered malware samples linked to North Korea that were built with Flutter, a framework whose compiled output provides a degree of inherent obfuscation. The samples, discovered in late October, include Go, Python, and Flutter variants. The Flutter-built application presents a minesweeper game while making network requests to a known DPRK-associated domain, and it executes AppleScript code received from that server. Similar functionality was observed in the Go and Python variants. The attackers may be testing new weaponization techniques, potentially attempting to bypass Apple's notarization process and antivirus detection. This marks the first instance of this actor using Flutter to target macOS devices.

Date

Published: Nov. 13, 2024, 12:24 p.m.

Created: Nov. 13, 2024, 12:24 p.m.

Modified: Nov. 13, 2024, 12:58 p.m.

Attack Patterns

DPRK (North Korea)

T1553.002

T1071.001

T1204.002

T1059.002

T1105

T1027