FlutterShell

Threat actors are using Google Ads to push fake desktop applications that secretly install a powerful backdoor on infected machines... the attackers have been spreading malware via malvertising since at least 2023.

Threat actors are using Google Ads to push fake desktop applications that secretly install a powerful backdoor on infected machines.

It gives attackers full remote control over the infected system, including the ability to execute commands... FlutterShell shares its core command structure with a previously documented macOS malware called JSCoreRunner, including functions for executing commands.

In addition to its adware functionality, the payload possesses backdoor capabilities, including shell command execution and file system manipulation.

TamperedChef (aka EvilAI), an ongoing series of campaigns that involve using trojanized versions of productivity software to deliver potentially unwanted programs (PUPs) and adware.

FlutterShell modifies the default_search_provider_data block within this file, specifically changing the url and new_tab_url values to the attacker-controlled domain sinterfumesco[.]com.

The second variant (PDF-Brain) had some of its strings obfuscated, and the third variant (PDF-Ninja) utilized Flutter’s native --obfuscate flag, which strips debug information and randomizes symbol names.

FlutterShell is a macOS backdoor developed using the Flutter framework and designed to masquerade as legitimate software.

Manual execution : Rather than waiting for the user to authorize the install, the malware programmatically executes the open command on the staged app bundle found in the cache.

Upon initial execution, FlutterShell waits for a specific duration received dynamically from the command and control (C2) server before contacting the attackers’ website — which contains the malicious JavaScript code — to avoid analysis and build user trust.

FlutterShell modifies the default_search_provider_data block within this file, specifically changing the url and new_tab_url values to the attacker-controlled domain sinterfumesco[.]com.

All observed samples were signed with valid Apple Developer IDs and successfully passed notarization, meaning Apple's automated security checks did not flag them as malicious at the time of submission.

FlutterShell also enables system fingerprinting and the theft of browser session data.

Capability FlutterShell JSCoreRunner ... Get Home Directory get_home_dir _osHomedir

To apply the URL and domain changes, FlutterShell terminates the Google Chrome process using killall "Google Chrome"

FlutterShell also enables system fingerprinting and the theft of browser session data. | The latest iteration entails the deployment of FlutterShell, which supports arbitrary command execution, file system interaction, and environment variables exfiltration.

FlutterShell shares its core command structure with a previously documented macOS malware called JSCoreRunner, including functions for executing commands, reading files, and listing directories.

Upon initial execution, FlutterShell waits for a specific duration received dynamically from the command and control (C2) server before contacting the attackers’ website — which contains the malicious JavaScript code — to avoid analysis and build user trust.

Once installed, the malware fingerprints the machine and then targets Google Chrome. It modifies Chrome’s settings file to redirect every new tab and search query to an attacker-controlled site loaded with ads.

What makes FlutterShell noteworthy is that it implements a WebView-based architecture that utilizes a JavaScript-to-native bridge, thereby allowing the adversary to host malicious logic on an external website, rather than embedding it into the binary.

Instead of embedding harmful instructions in the app binary, the malware loads a remote webpage through a built-in browser component called a WebView. That webpage contains the actual attack logic, sent as commands over a channel named flutterInvoke.

The primary payload of FlutterShell is embedded within the main webpage and a /update-thanks.html subdirectory of the attacker-controlled site... retrieve the core malicious logic from external endpoints: /getConfig and /getUpdateThanksConfig.

This design lets attackers change what the malware does at any moment, without updating the app itself... FlutterShell retrieves it dynamically, making detection far more difficult.

The PDF-Brain and PDF-Ninja versions also weaponized an AI summarization feature, secretly routing document content through attacker servers before delivering results to the user.