North Korean Hackers Use Flutter Apps to Bypass macOS Security

North Korean hackers have been using Flutter apps to bypass Apple’s security measures on macOS systems. The malicious apps, disguised as a legitimate Notepad app and a Minesweeper game, were signed and notarized with a legitimate developer ID, allowing them to pass Apple’s automated security checks. This enabled the malware to execute without restrictions, posing a significant threat to macOS users.

The apps, centered around cryptocurrency themes, connect to servers linked to North Korean actors. Researchers from Jamf Threat Labs discovered multiple variants of the same underlying app, including ones with Golang and Python-based components. These apps featured script execution capabilities, allowing them to send commands to a command and control (C2) server.

The approach used by North Korean hackers gives malicious code versatility and makes it harder to detect because it’s embedded within a dynamic library. Apple has since revoked the signatures of the malicious apps, rendering them ineffective against up-to-date macOS systems. However, the exact nature of this operation remains unknown, and it is unclear whether these apps were used in actual operations or only for testing purposes.

Source: https://www.bleepingcomputer.com/news/security/north-korean-hackers-create-flutter-apps-to-bypass-macos-security