New threat targeting macOS discovered

NetmanageIT OpenCTI - opencti.netmanageit.com


SUMMARY:

Jamf Threat Labs uncovered malware samples linked to North Korea, built using Flutter, which provides inherent obfuscation. The malware, discovered in late October, includes Go, Python, and Flutter variants. The Flutter-built application presents a minesweeper game while making network requests to a known DPRK-associated domain. The malware executes AppleScript code received from the server. Similar functionality was observed in Go and Python variants. The attackers may be testing new weaponization techniques, potentially attempting to bypass Apple's notarization process and antivirus detection. This marks the first instance of this actor using Flutter to target macOS devices.

OPENCTI LABELS:

macos,obfuscation,golang,python,dprk,stage-one-payload,flutter,applescript

