1. Forum
  2. tqw
  3. TQW GENTECH

  • North Korean hackers target macOS users with Flutter malware

    From TechnologyDaily@1337:1/100 to All on Wednesday, November 13, 2024 17:15:05
    North Korean hackers target macOS users with Flutter malware

    Date:
    Wed, 13 Nov 2024 17:03:00 +0000

    Description:
    Malware is easier to hide in Flutter-built apps for macOS, experts claim.

    FULL STORY ======================================================================Experts found six malicious apps built for macOS The Apple IDs used to sign the apps have been revoked The malware was likely just an experiment

    North Korean state-sponsored threat actors have been seen targeting macOS users with fake games and crypto tracking apps built with Flutter.

    Cybersecurity researchers at Jamf recently found several apps on VirusTotal which seemed completely benign, yet connected to servers in North Korea,
    which was deemed stage one malware functionality.

    There are two particularly interesting details about this malware. First - it was created with Flutter, an open source user interface (UI) software development kit created by Google. It allows developers to build natively compiled applications for mobile (iOS and Android), web, and desktop
    (Windows, macOS, Linux) from a single codebase. Six malicious apps

    One of the apps was called 'New Updates in Crypto Exchange (2024-08-28).app', and others were labeled in a similar manner. Yet, when opened, they ran open-source minesweeper games and similar.

    Flutter, which uses the Dart programming language, provides obfuscation to
    the malicious code by design, the researchers said. Therefore, the malware
    was not that easy to spot (hence appearing as benign in VirusTotal).

    The second interesting detail is that the apps were signed and notarized by a legitimate Apple developer ID, which means that at some point, they passed Apples security checks.

    Jamf found a total of six apps, five of which were signed by a working Apple developer ID. It has been revoked in the meantime.

    Yet, the researchers believe that the apps were never meant to be a part of
    an actual hacking campaign, and that they only served as an experiment.

    The malware discovered in this blog shows strong signs that it is likely testing for greater weaponization, they added. This could perhaps be an attempt to see if a properly signed app with malicious code obscured within a dylib could get approved by Apples notarization server, as well as slide
    under the radar of antivirus vendors.

    Via BleepingComputer You might also like D-Link routers are being hacked to steal customer passwords but it says there is no patch Here's a list of the best firewalls today These are the best endpoint protection tools right now



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/north-korean-hackers-target-macos-users -with-flutter-malware


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)