New threat targeting macOS discovered
Nov. 13, 2024, 12:58 p.m.
Description
Jamf Threat Labs uncovered malware samples linked to North Korea that were built with Flutter, a framework whose compiled output provides a degree of inherent obfuscation. The samples, discovered in late October, exist in Go, Python, and Flutter variants. The Flutter-built application presents a minesweeper game to the user while making network requests to a domain already known to be associated with the DPRK, and it executes the AppleScript code that the server returns. The Go and Python variants were observed to provide similar functionality. The attackers may be testing new weaponization techniques, potentially in an attempt to bypass Apple's notarization process and antivirus detection. This is the first instance of this actor using Flutter to target macOS devices.
Date
Published: Nov. 13, 2024, 12:24 p.m.
Created: Nov. 13, 2024, 12:24 p.m.
Modified: Nov. 13, 2024, 12:58 p.m.
Attack Patterns
DPRK (North Korea) (associated threat actor)
T1553.002 (Subvert Trust Controls: Code Signing)
T1071.001 (Application Layer Protocol: Web Protocols)
T1204.002 (User Execution: Malicious File)
T1059.002 (Command and Scripting Interpreter: AppleScript)
T1105 (Ingress Tool Transfer)
T1027 (Obfuscated Files or Information)