North Korean threat actors are targeting Apple macOS systems with trojanized apps built with Flutter, Google’s popular cross-platform development framework. These apps, disguised as Notepad tools and Minesweeper games, are designed to bypass macOS security checks: the attackers obtained a legitimate Apple developer ID, which allowed the apps to pass Apple’s notarization process. 🍏
In a creative twist, the hackers used cryptocurrency-themed app names, aligning with North Korea’s financial theft motivations. The apps temporarily passed Apple’s security scans, making them appear as verified, trusted software.
Key highlights of this sophisticated campaign:
- Malware disguised as common apps (Notepad, Minesweeper) 📝🎮
- Built with Flutter for cross-platform compatibility
- Uses AppleScript for remote script execution 📜
- Makes network requests to North Korean servers 🌐

The malware is embedded within dynamic libraries (dylib) that the Flutter engine loads at runtime, making it harder for macOS security systems to detect.
Researchers at Jamf Threat Labs identified these apps in VirusTotal, where they exhibited “stage one” capabilities by connecting to DPRK-controlled servers. Although the apps were not aggressively targeting specific users, this activity seems to be an experiment in bypassing macOS defenses.
Popular Flutter apps involved include:
- Crypto-themed trojanized apps
- “New Updates in Crypto Exchange (2024-08-28).app”
- Minesweeper game for macOS

Despite appearing benign, these apps harbored obfuscated code and featured AppleScript execution capabilities for receiving and executing commands from a command and control (C2) server.
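A defender-side triage sketch for the pattern described above (an added example, not code from Jamf or from this article): it inventories `.app` bundles built with Flutter and flags those whose bundled files contain AppleScript-related strings. The marker strings, function names and sample bundles are assumptions made for illustration, and obfuscated samples can evade plain string matching.

```python
import os
import tempfile
from pathlib import Path
# Assumed markers (heuristic): Flutter's macOS engine framework, AppleScript-related strings.
FLUTTER_MARKER = "FlutterMacOS.framework"
APPLESCRIPT_MARKERS = (b"NSAppleScript", b"osascript")

def find_app_bundles(root):
    """Yield .app bundle paths under root without descending into them."""
    for dirpath, dirnames, _ in os.walk(root):
        for name in [d for d in dirnames if d.endswith(".app")]:
            dirnames.remove(name)  # prune so nested helper apps are not re-listed
            yield Path(dirpath, name)

def triage_bundle(app):
    """Return (is_flutter, {relative file path: [markers found]})."""
    is_flutter = (app / "Contents" / "Frameworks" / FLUTTER_MARKER).is_dir()
    hits = {}
    for path in (app / "Contents").rglob("*"):
        if path.is_symlink() or not path.is_file():
            continue  # skip directories and framework symlinks
        try:
            data = path.read_bytes()
        except OSError:
            continue  # unreadable file: nothing to report
        found = [m.decode() for m in APPLESCRIPT_MARKERS if m in data]
        if found:
            hits[path.relative_to(app).as_posix()] = found
    return is_flutter, hits

def scan(root):
    """Flag bundles that are Flutter-built AND reference AppleScript execution."""
    results = {a.relative_to(root).as_posix(): triage_bundle(a) for a in find_app_bundles(root)}
    return {name: hits for name, (flutter, hits) in results.items() if flutter and hits}

def demo():
    """Scan a constructed tree of fake bundles (sample data, not real malware)."""
    layout = {
        "Notes.app/Contents/Frameworks/FlutterMacOS.framework/FlutterMacOS": b"engine",
        "Notes.app/Contents/Frameworks/App.framework/App": b"\x00NSAppleScript\x00",
        "Clean.app/Contents/Frameworks/FlutterMacOS.framework/FlutterMacOS": b"engine",
        "Native.app/Contents/MacOS/Native": b"/usr/bin/osascript -e",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, data in layout.items():
            target = Path(root, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(data)
        return scan(root)
```

A hit is a lead for manual review (signature, notarization status, network behavior), not a verdict: legitimate Flutter apps can also call AppleScript.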
This development is significant as it:
- Demonstrates macOS vulnerabilities in notarization processes.
- Shows state-sponsored threat actors using innovative methods to bypass security measures.
- Indicates a rising trend of malicious cross-platform apps exploiting single codebase frameworks like Flutter.

For businesses and individuals alike, this highlights the importance of staying updated on cybersecurity threats and ensuring your systems are protected against such advanced threats.