Ethical Hacking News
North Korean hackers have successfully embedded malware within Flutter applications, marking a new tactic in their efforts to infiltrate Apple macOS devices. The malicious code was identified by Jamf Threat Labs, which noted that the threat actors are using social engineering techniques to achieve their objectives. This discovery highlights the evolving threat landscape of cybersecurity and underscores the importance of staying vigilant and adopting proactive measures to protect against emerging threats.
North Korean hackers have successfully embedded malware within Flutter applications, marking a new tactic in the threat landscape. The malware-laced app was found to be signed and notarized using Apple developer IDs, allowing it to pass Apple's notarization process. The attackers relied on social engineering lures to get the app onto Apple macOS devices, and the app executes AppleScript code that is delivered written backwards. These samples are likely being used for testing purposes, but they indicate a concerted effort by North Korean threat actors to evade detection. Flutter applications make it difficult to detect malware because of their app architecture once compiled, highlighting the importance of staying vigilant and adopting proactive measures to protect against emerging threats.
In a recent development that highlights the evolving threat landscape of cybersecurity, it has been discovered that North Korean hackers have successfully embedded malware within Flutter applications, marking the first time this tactic has been employed by the adversary to infect Apple macOS devices. The malicious code was identified by Jamf Threat Labs, which noted that the Flutter-built applications are part of a broader activity that includes malware written in Golang and Python.
The use of Flutter, a cross-platform application development framework, to embed the primary payload written in Dart has been found to be an innovative approach by North Korean hackers. The app, named "New Updates in Crypto Exchange (2024-08-28)," appears to be a clone of a basic Flutter game for iOS that's publicly available on GitHub. This game-themed lure is not new, as similar tactics have been observed in conjunction with another North Korean hacking group tracked as Moonstone Sleet.
The malware-laced app was found to be signed and notarized using Apple developer IDs BALTIMORE JEWISH COUNCIL, INC. (3AKYHFR584) and FAIRBANKS CURLING CLUB INC. (6W69GC943U), indicating that the threat actors are able to bypass Apple's notarization process. However, it is worth noting that the signatures have since been revoked by Apple.
Upon launching, the app sends a network request to a remote server ("mbupdate.linkpc[.]net") and executes AppleScript code received from the server; the script is delivered written backwards. The lure that gets the app run in the first place relies on social engineering techniques, which North Korean threat actors are known to employ extensively.
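The reversed-AppleScript trick is cheap to undo: a defender inspecting the response body (on a proxy, in an EDR hook, or in a sandbox) only needs to score the text for AppleScript constructs both as received and reversed. The following is an added example and is not code from Jamf Threat Labs or from the article; the marker list and the sample payloads are constructed for illustration, and the threshold of two markers is an assumption.

```python
# Heuristic detector for AppleScript delivered written backwards.
# Constructed example; marker list and thresholds are assumptions.

# AppleScript constructs that rarely occur by chance in ordinary text.
APPLESCRIPT_MARKERS = (
    "tell application",
    "end tell",
    "do shell script",
    "display dialog",
    "on run",
    "osascript",
)

MIN_MARKERS = 2  # assumed threshold to call a blob "AppleScript"


def marker_score(text: str) -> int:
    """Count AppleScript marker occurrences, case-insensitively."""
    lowered = text.lower()
    return sum(lowered.count(marker) for marker in APPLESCRIPT_MARKERS)


def normalize_payload(payload: str) -> tuple[str, str]:
    """Classify a server response and return (label, script_to_inspect).

    label is one of:
      "applescript"          - readable AppleScript as received
      "reversed-applescript" - AppleScript that only makes sense reversed
      "unknown"              - neither form looks like AppleScript
    The returned script is already un-reversed so downstream tooling
    (logging, YARA, analyst review) sees the real instructions.
    """
    forward = marker_score(payload)
    backward = marker_score(payload[::-1])
    if backward > forward and backward >= MIN_MARKERS:
        return "reversed-applescript", payload[::-1]
    if forward >= MIN_MARKERS:
        return "applescript", payload
    return "unknown", payload


# Constructed sample responses (not real C2 traffic).
SAMPLE_SCRIPT = 'tell application "Finder"\n    do shell script "id"\nend tell'
SAMPLE_REVERSED = SAMPLE_SCRIPT[::-1]          # what a reversing dropper would fetch
SAMPLE_NOISE = "Hello player, new levels are waiting for you!"

if __name__ == "__main__":
    for blob in (SAMPLE_SCRIPT, SAMPLE_REVERSED, SAMPLE_NOISE):
        label, script = normalize_payload(blob)
        print(label, "|", script.splitlines()[0])
```

The heuristic is deliberately simple; the point is that any inspection step should canonicalize the blob before matching, because a forward-only signature on a reversed payload scores zero.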
Jamf Threat Labs director Jaron Bradley has expressed that these specific examples are likely being used for testing purposes, although it's difficult to determine this with certainty. The fact remains that North Korean threat actors have been successful in embedding malware within Flutter applications, and their social engineering techniques have proven effective in the past.
The discovery of this new tactic marks a significant development in the ongoing cat-and-mouse game between cybersecurity experts and North Korean hackers. As Jamf Threat Labs noted, malware discovered from these actors over the years comes in many different variants with frequently updated iterations, indicating a concerted effort to evade detection.
In an effort to remain undetected, the attackers have found that Flutter applications offer considerable obscurity because of their app architecture once compiled. This highlights the importance of staying vigilant and adopting proactive measures to protect against emerging threats.
Related Information:
https://thehackernews.com/2024/11/north-korean-hackers-target-macos-using.html
https://www.jamf.com/blog/jamf-threat-labs-apt-actors-embed-malware-within-macos-flutter-applications/
https://forums.malwarebytes.com/topic/303017-blocked-website-trojan-malware-notification-keeps-popping-up/
https://malwaretips.com/blogs/remove-your-pc-is-infected-with-7-viruses/
https://www.microsoft.com/en-us/security/blog/2024/05/28/moonstone-sleet-emerges-as-new-north-korean-threat-actor-with-new-bag-of-tricks/
https://thehackernews.com/2024/05/microsoft-uncovers-moonstone-sleet-new.html
Published: Tue Nov 12 10:00:49 2024 by llama3.2 3B Q4_K_M