Full Report
Cybersecurity researchers have shed light on a macOS malvertising campaign codenamed Operation FlutterBridge that spreads a new backdoor called FlutterShell. According to Palo Alto Networks Unit 42, the campaign is the next stage of an activity cluster first reported in late August 2025 and dubbed JSCoreRunner (aka FileRipple). The cybercrime group behind the two attack chains is
Analysis Summary
# Tool/Technique: FlutterShell
## Overview
FlutterShell is a macOS backdoor discovered during "Operation FlutterBridge." Built on the Flutter framework, it masquerades as legitimate productivity software (e.g., PDF converters, podcast managers) and is distributed via malicious Google and YouTube advertisements. It uses a WebView-based architecture to bridge JavaScript logic to native system commands, so the operators can change the malicious functionality remotely without recompiling the binary.
## Technical Details
- **Type:** Malware family (Backdoor / Adware)
- **Platform:** macOS
- **Capabilities:** Remote shell command execution, file system manipulation, environment variable exfiltration, and browser hijacking.
- **First Seen:** March 2026 (Part of a lineage dating back to 2023).
## MITRE ATT&CK Mapping
- **[TA0042 - Resource Development]**
- [T1583.008 - Acquire Infrastructure: Malvertising]
- **[TA0002 - Execution]**
- [T1204.002 - User Execution: Malicious File]
- [T1059.004 - Command and Scripting Interpreter: Unix Shell]
- **[TA0003 - Persistence]**
- [T1547.015 - Boot or Logon Autostart Execution: Login Items]
- [T1176.001 - Software Extensions: Browser Extensions]
- **[TA0005 - Defense Evasion]**
- [T1553.002 - Subvert Trust Controls: Code Signing] (valid Developer ID signature plus Apple notarization)
- **[TA0007 - Discovery]**
- [T1082 - System Information Discovery]
- [T1083 - File and Directory Discovery]
- **[TA0011 - Command and Control]**
- [T1071.001 - Application Layer Protocol: Web Protocols]
- [T1105 - Ingress Tool Transfer]
- [T1090 - Proxy] (browser traffic forced through attacker-controlled intermediaries)
## Functionality
### Core Capabilities
- **JavaScript-to-Native Bridge:** Uses an embedded WebView to execute JavaScript that triggers native macOS functions.
- **Shell Execution:** Executes arbitrary bash commands on the infected host.
- **File Manipulation:** Ability to read, write, and delete files on the target system.
- **Information Stealing:** Exfiltrates environment variables and system metadata.
### Advanced Features
- **Dynamic Logic Updates:** Because the core malicious logic is hosted on an external C2 and loaded via the WebView, the threat actor can change the malware's behavior in real time while the signed binary on disk stays unchanged.
- **Browser Hijacking:** Modifies Google Chrome configuration files to force web traffic through attacker-controlled intermediaries for ad injection.
- **Notarization Abuse:** Samples were signed with valid Apple Developer ID certificates and passed Apple's automated notarization checks, so Gatekeeper lets them run until Apple revokes the certificates. A notarization ticket is therefore not evidence that an app is benign.
## Indicators of Compromise
- **Application Names (as advertised):**
- PodcastsLounge
- PDF-Brain
- PDF-Ninja
- **Network Indicators:**
- `AdsParkPro[.]com` (Defanged)
- `softweart[.]com` (Defanged)
- `pacifictradesolutions[.]ltd` (Defanged)
- **Behavioral Indicators:**
- Modification of Google Chrome configuration files (the per-user profile under `~/Library/Application Support/Google/Chrome/`, e.g. `Default/Preferences`).
- Unexpected outbound connections from Flutter-based applications to unknown domains.
- Process creation (`NSTask` / `posix_spawn`) initiated from a WebView component, typically a shell spawned shortly after the app launches.
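The behavioral indicators above translate directly into detection logic. The following is an added example (not code from Unit 42 or from the original report) that triages constructed endpoint events of two kinds: an `.app` bundle spawning a shell within a short window of its own launch, and a bundle's process connecting to a report-listed or non-allowlisted domain. The event schema (`ts`, `type`, `pid`, `ppid`, `path`, `domain`), the 60-second launch window, and the allowlist are assumptions made for the example; the IoC domains are the ones listed on this page, refanged for matching.

```python
"""Triage constructed endpoint events for two FlutterShell behaviours:
an app bundle spawning a shell right after launch, and a bundle's process
connecting to a report-listed or unapproved domain.  Added example; the
event schema, launch window and allowlist are assumptions."""
import re
from typing import Dict, List

# Network indicators from the report, refanged so they can be matched.
IOC_DOMAINS = {"adsparkpro.com", "softweart.com", "pacifictradesolutions.ltd"}
# Example egress allowlist (assumption); a real deployment supplies its own.
ALLOWED_DOMAINS = {"update.googleapis.com", "apple.com"}
SHELLS = {"/bin/sh", "/bin/bash", "/bin/zsh"}
LAUNCH_WINDOW_S = 60  # assumed threshold for "immediately after launch"

BUNDLE_RE = re.compile(r"^(.*?\.app)/Contents/")


def refang(domain: str) -> str:
    """Turn a defanged indicator such as AdsParkPro[.]com into a matchable name."""
    return domain.lower().replace("[.]", ".").replace("(.)", ".")


def app_bundle(path: str) -> str:
    """Return the enclosing .app bundle for an executable path, else ''."""
    m = BUNDLE_RE.match(path)
    return m.group(1) if m else ""


def triage(events: List[dict]) -> List[dict]:
    """Walk exec/connect events in time order and return a list of findings."""
    procs: Dict[int, dict] = {}  # pid -> most recent exec event for that pid
    findings: List[dict] = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["type"] == "exec":
            procs[ev["pid"]] = ev
            parent = procs.get(ev["ppid"])
            if not parent:
                continue
            bundle = app_bundle(parent["path"])
            # GUI bundle -> shell within the launch window: the report's
            # "shell commands immediately after launch" behaviour.
            if bundle and ev["path"] in SHELLS and ev["ts"] - parent["ts"] <= LAUNCH_WINDOW_S:
                findings.append({"rule": "bundle-spawns-shell-at-launch",
                                 "bundle": bundle, "pid": ev["pid"],
                                 "argv": ev.get("argv", [])})
        elif ev["type"] == "connect":
            proc = procs.get(ev["pid"])
            bundle = app_bundle(proc["path"]) if proc else ""
            if not bundle:
                continue
            domain = refang(ev["domain"])
            if domain in IOC_DOMAINS:
                findings.append({"rule": "known-ioc-domain", "bundle": bundle, "domain": domain})
            elif not any(domain == d or domain.endswith("." + d) for d in ALLOWED_DOMAINS):
                findings.append({"rule": "unapproved-egress", "bundle": bundle, "domain": domain})
    return findings


# Constructed sample telemetry (not real data): PodcastsLounge.app launches,
# spawns /bin/sh three seconds later, then beacons to a report-listed domain.
# Safari spawning a shell 13 minutes after launch is included as a non-match.
SAMPLE_EVENTS = [
    {"ts": 100.0, "type": "exec", "pid": 501, "ppid": 1,
     "path": "/Applications/PodcastsLounge.app/Contents/MacOS/PodcastsLounge"},
    {"ts": 103.0, "type": "exec", "pid": 502, "ppid": 501, "path": "/bin/sh",
     "argv": ["/bin/sh", "-c", "env"]},
    {"ts": 104.0, "type": "connect", "pid": 501, "domain": "AdsParkPro[.]com"},
    {"ts": 105.0, "type": "connect", "pid": 501, "domain": "update.googleapis.com"},
    {"ts": 110.0, "type": "exec", "pid": 600, "ppid": 1,
     "path": "/Applications/Safari.app/Contents/MacOS/Safari"},
    {"ts": 900.0, "type": "exec", "pid": 601, "ppid": 600, "path": "/bin/sh",
     "argv": ["/bin/sh", "-c", "true"]},
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding)
```

On the sample data the triage yields two findings: the shell spawned by PodcastsLounge.app and the connection to the refanged IoC domain; the allowlisted Google update domain and Safari's late shell spawn produce none. In production the same two rules would be fed from an EDR or Endpoint Security process/network stream rather than the embedded list.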
## Associated Threat Actors
- **CL-CRI-1089** (Also associated with JSCoreRunner, FileRipple, TamperedChef, and EvilAI).
## Detection Methods
- **Signature-based detection:** Match the Mach-O binary hashes published for "PodcastsLounge," "PDF-Brain" and "PDF-Ninja." Flutter framework metadata alone is not a useful signature, since many legitimate apps ship the same runtime.
- **Behavioral detection:** Monitor for legitimate-looking applications that modify Chrome preferences or execute shell commands immediately after launch.
- **Developer ID Monitoring:** Check whether the Apple Developer ID certificates (Team IDs) that Unit 42 identified have been revoked, and block those Team IDs in EDR policy regardless of revocation state, since a still-valid notarized signature is exactly what let these samples through.
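Checking an app bundle's signing chain and notarization state is something a responder can script against the standard macOS tools. The following is an added example, not code from the report or from Apple: it parses the output of `codesign -dv --verbose=4` and `spctl --assess --type execute -vv`, extracts the Team ID and the assessment source, and returns a verdict that blocks a listed Team ID or a revoked certificate but does not treat "Notarized Developer ID" as a clean bill of health. The blocklist value `EXAMPLE000X`, the bundle identifier `com.example.pdfbrain` and the tool output are constructed placeholders; the real Team IDs would come from the Unit 42 indicator list.

```python
"""Inspect an app bundle's Developer ID signature and notarization state and
compare the signing Team ID against a blocklist.  Added example; the Team ID,
bundle identifier and tool output below are constructed placeholders."""
import subprocess
from dataclasses import dataclass, field
from typing import List, Optional

# Hypothetical placeholder: populate from the vendor's published Team IDs.
BLOCKED_TEAM_IDS = {"EXAMPLE000X"}


@dataclass
class SigningInfo:
    identifier: str = ""
    team_id: str = ""
    authorities: List[str] = field(default_factory=list)
    revoked: bool = False     # codesign reports CSSMERR_TP_CERT_REVOKED
    accepted: bool = False    # spctl assessment result
    source: str = ""          # spctl "source=" line, e.g. Notarized Developer ID


def parse_codesign(output: str, info: Optional[SigningInfo] = None) -> SigningInfo:
    """Parse `codesign -dv --verbose=4` key=value lines (written to stderr)."""
    info = info or SigningInfo()
    for line in output.splitlines():
        key, _, value = line.strip().partition("=")
        if key == "Identifier":
            info.identifier = value
        elif key == "TeamIdentifier":
            info.team_id = value
        elif key == "Authority":
            info.authorities.append(value)
        if "CSSMERR_TP_CERT_REVOKED" in line:
            info.revoked = True
    return info


def parse_spctl(output: str, info: SigningInfo) -> SigningInfo:
    """Parse `spctl --assess --type execute -vv` output into the same record."""
    for line in output.splitlines():
        line = line.strip()
        if line.endswith(": accepted"):
            info.accepted = True
        elif line.startswith("source="):
            info.source = line[len("source="):]
    return info


def verdict(info: SigningInfo) -> str:
    """Policy decision: blocklist and revocation win over a notarization ticket."""
    if info.team_id in BLOCKED_TEAM_IDS:
        return "block: Team ID on blocklist"
    if info.revoked:
        return "block: certificate revoked"
    if info.accepted and "Notarized" in info.source:
        return "allow: notarized Developer ID (notarization is not a malware check)"
    return "review: not notarized or not accepted by Gatekeeper"


def inspect_bundle(path: str) -> SigningInfo:
    """Run the real tools against a bundle path (macOS only)."""
    cs = subprocess.run(["codesign", "-dv", "--verbose=4", path],
                        capture_output=True, text=True)
    info = parse_codesign(cs.stderr + cs.stdout)
    sp = subprocess.run(["spctl", "--assess", "--type", "execute", "-vv", path],
                        capture_output=True, text=True)
    return parse_spctl(sp.stderr + sp.stdout, info)


# Constructed tool output (placeholder identifiers, not real samples).
SAMPLE_CODESIGN = """\
Executable=/Applications/PDF-Brain.app/Contents/MacOS/PDF-Brain
Identifier=com.example.pdfbrain
Format=app bundle with Mach-O universal (x86_64 arm64)
CodeDirectory v=20500 size=1234 flags=0x10000(runtime) hashes=30+7 location=embedded
Authority=Developer ID Application: Example Corp (EXAMPLE000X)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
TeamIdentifier=EXAMPLE000X
"""
SAMPLE_SPCTL = """\
/Applications/PDF-Brain.app: accepted
source=Notarized Developer ID
origin=Developer ID Application: Example Corp (EXAMPLE000X)
"""

if __name__ == "__main__":
    sample = parse_spctl(SAMPLE_SPCTL, parse_codesign(SAMPLE_CODESIGN))
    print(sample.team_id, sample.source, "->", verdict(sample))
```

Run `inspect_bundle("/Applications/Foo.app")` on a Mac to evaluate a real bundle. The ordering in `verdict` is the point: the sample parses as accepted and notarized, yet it is blocked because its Team ID is listed, which is the only outcome that catches a signed, notarized sample before Apple revokes the certificate.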
## Mitigation Strategies
- **Endpoint Protection:** Use EDR tooling that inspects process trees, so that a GUI application spawning `/bin/sh` or another shell shortly after launch is visible and alertable.
- **User Education:** Advise users against downloading productivity tools via sponsored links on search engines or YouTube ads; install from the vendor's own site or the Mac App Store.
- **Gatekeeper Policies:** Enforce the "App Store" only Gatekeeper setting or an MDM-managed application allowlist to prevent installation of unapproved third-party software, since a valid Developer ID signature and notarization alone did not stop these samples.
## Related Tools/Techniques
- **JSCoreRunner / FileRipple:** Earlier iterations of this malware cluster.
- **TamperedChef / EvilAI:** Campaigns focusing on trojanized productivity and AI tools.
- **Malvertising:** The primary delivery vector using defunct or shell companies to buy ad space.