North Korean app with malicious code can bypass macOS security

2024-11-12 23:26:00

Researchers at Jamf Threat Labs discovered that malicious actors are using loopholes in how the Flutter framework (a toolkit for developing cross-platform applications) packages applications to get malicious apps past macOS's security barriers.

Because the main code of an application developed with Flutter is bundled into a dynamic library that is loaded by Flutter's own framework mechanism, it is harder for traditional security mechanisms to inspect, which makes malicious code easier to hide.


This is exactly what happened with an application called New Updates in Crypto Exchange, which at first glance looks harmless to the computer. It managed to slip past macOS's automated security checks because it presents a legitimate certificate.

Once installed, however, not only does it fail to show any content matching its name, it is also able to make network requests to a domain linked to the North Korean government, allowing it to download malicious scripts that make it possible to control the affected Mac.
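The two properties described above, a legitimate signature that satisfies Gatekeeper and application code hidden in a dynamic library that Flutter's engine loads, are exactly what an analyst records when triaging a suspicious bundle. The script below is an added example, not tooling from Jamf Threat Labs or the Flutter project: it recognises a Flutter-packaged app from its file list and parses the output of Apple's `spctl` and `codesign` commands so that the notarization verdict, signer and team ID are kept next to the list of Mach-O files that still need manual inspection. The bundle layout it looks for (FlutterMacOS.framework for the engine, App.framework/App for the compiled Dart code) is an assumption drawn from Flutter's standard macOS build output, not from the article, and all sample inputs are constructed.

```python
"""Static triage of a macOS .app bundle (added example; constructed inputs)."""
import posixpath
from typing import Dict, Iterable, List

# Assumption: Flutter's standard macOS bundle layout (not stated in the article).
# The engine is FlutterMacOS.framework; the app's own Dart code is compiled into
# App.framework/App, a dynamic library that the engine loads at run time.
FLUTTER_ENGINE = "Contents/Frameworks/FlutterMacOS.framework/"
FLUTTER_APP_DYLIB = "Contents/Frameworks/App.framework/"

# Constructed sample inputs shaped like `spctl -a -vv` and `codesign -dvv` output.
SAMPLE_SPCTL = """\
/Applications/Example.app: accepted
source=Notarized Developer ID
origin=Developer ID Application: Example Corp (TEAMID0000)
"""
SAMPLE_CODESIGN = """\
Executable=/Applications/Example.app/Contents/MacOS/Example
Identifier=com.example.app
Format=app bundle with Mach-O universal (x86_64 arm64)
CodeDirectory v=20500 size=1234 flags=0x10000(runtime) hashes=30+7 location=embedded
Authority=Developer ID Application: Example Corp (TEAMID0000)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
TeamIdentifier=TEAMID0000
"""
SAMPLE_FILES = [  # file paths relative to the .app root (constructed)
    "Contents/MacOS/Example",
    "Contents/Info.plist",
    "Contents/Frameworks/FlutterMacOS.framework/Versions/A/FlutterMacOS",
    "Contents/Frameworks/App.framework/Versions/A/App",
    "Contents/Frameworks/App.framework/Versions/A/Resources/Info.plist",
]


def audit_commands(bundle: str) -> List[List[str]]:
    """The argv lists an analyst runs on a real Mac to produce the inputs parsed below."""
    return [
        ["spctl", "--assess", "--type", "execute", "-vv", bundle],
        ["codesign", "-dvv", bundle],
        ["codesign", "--verify", "--deep", "--strict", "--verbose=2", bundle],
    ]


def flutter_indicators(files: Iterable[str]) -> Dict[str, object]:
    """Classify a bundle from its file list and collect the framework Mach-O files.

    Candidates are files under Contents/Frameworks with no extension (framework
    binaries) or a .dylib suffix: Gatekeeper's verdict says nothing about their
    content, so these are what a reviewer has to examine directly.
    """
    files = [f.strip("/") for f in files]
    candidates = sorted(
        f for f in files
        if f.startswith("Contents/Frameworks/")
        and (f.endswith(".dylib") or posixpath.splitext(f)[1] == "")
    )
    return {
        "flutter_engine": any(f.startswith(FLUTTER_ENGINE) for f in files),
        "dart_code_dylib": any(f.startswith(FLUTTER_APP_DYLIB) for f in files),
        "machos_to_inspect": candidates,
    }


def parse_spctl(output: str) -> Dict[str, str]:
    """Parse `spctl --assess -vv` output: one 'path: verdict' line plus key=value lines."""
    fields: Dict[str, str] = {}
    for line in output.splitlines():
        line = line.strip()
        if not line:
            continue
        if "=" in line.split(": ", 1)[0]:  # key=value; values may themselves contain ': '
            key, value = line.split("=", 1)
            fields[key] = value
        elif ": " in line:
            fields["path"], fields["verdict"] = line.split(": ", 1)
    return fields


def parse_codesign(output: str) -> Dict[str, object]:
    """Parse `codesign -dvv` output into the fields that matter for triage."""
    info: Dict[str, object] = {"authorities": [], "hardened_runtime": False}
    for line in output.splitlines():
        if line.startswith("Authority="):
            info["authorities"].append(line[len("Authority="):])
        elif line.startswith("TeamIdentifier="):
            info["team_id"] = line[len("TeamIdentifier="):]
        elif line.startswith("Identifier="):
            info["identifier"] = line[len("Identifier="):]
        elif line.startswith("CodeDirectory") and "(runtime)" in line:
            info["hardened_runtime"] = True  # hardened runtime flag is set
    return info


def triage(files: Iterable[str], spctl_out: str, codesign_out: str) -> Dict[str, object]:
    """Combine bundle layout, Gatekeeper verdict and signer identity into one record."""
    ind = flutter_indicators(files)
    sp = parse_spctl(spctl_out)
    cs = parse_codesign(codesign_out)
    notarized = sp.get("verdict") == "accepted" and "Notarized" in sp.get("source", "")
    notes = []
    if notarized:
        notes.append("Gatekeeper accepts this app: a valid signature identifies the "
                     "signer, not the behaviour; record the team ID for later correlation.")
    if ind["dart_code_dylib"]:
        notes.append("Flutter app: the application logic is the App.framework dylib, "
                     "so examine that file rather than only the launcher binary.")
    return {
        "flutter": ind["flutter_engine"] and ind["dart_code_dylib"],
        "notarized": notarized,
        "team_id": cs.get("team_id"),
        "authorities": cs["authorities"],
        "to_inspect": ind["machos_to_inspect"],
        "notes": notes,
    }


if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_FILES, SAMPLE_SPCTL, SAMPLE_CODESIGN), indent=2))
```

On a real machine the file list comes from walking the bundle and the two text inputs from the commands `audit_commands()` returns; the point of keeping the parsers pure is that the same triage record can be produced from captured output in an incident ticket, without the bundle being present.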

The same method was observed in two other applications, one written in Python and the other in Go (Golang), although the app developed in Flutter is notably more complex. It is not yet possible to know whether they have already been used against real victims or whether they are just tests.

In any case, it is notable how attack methods are becoming increasingly complex, to the point that even the authenticity of a macOS application's developer can no longer be trusted 100%.

via AppleInsider

**Interview with Dr. Emily Chen, Cybersecurity Expert at Jamf Threat Labs**

**Editor:** Thank you for joining us, Dr. Chen. Can you tell us about the recent discovery by Jamf Threat Labs regarding Flutter and macOS security vulnerabilities?

**Dr. Chen:** Absolutely, and thank you for having me. Our research revealed that malicious actors are exploiting vulnerabilities within the Flutter framework, which is designed for cross-platform application development. The core functionality of Flutter groups application code into dynamic libraries, making it challenging for traditional security systems to inspect and identify malicious code effectively.

**Editor:** That sounds concerning. How did these vulnerabilities manifest in real-world applications?

**Dr. Chen:** One notable case was an app called “New Updates in Crypto Exchange.” At first glance, it seemed harmless and even had a legitimate certificate to pass through macOS’s automated security checks. However, once installed, it didn’t deliver the promised content and instead connected to a domain associated with the North Korean government, allowing the download of malicious scripts capable of taking control of the user’s Mac.

**Editor:** What do you recommend for macOS users to protect themselves from such threats?

**Dr. Chen:** Users should be vigilant and only download apps from trusted sources. Additionally, implementing robust security software and keeping their operating systems updated are essential steps. Awareness about the potential for malicious apps masquerading as legitimate ones is crucial in today’s digital landscape.

**Editor:** Are there any measures being taken to address these vulnerabilities within Flutter and macOS?

**Dr. Chen:** Yes, we are actively working with the Flutter development community to raise awareness about these security risks and encourage the implementation of improved security measures. We also advocate for stronger vetting processes for app developers to minimize the chance of malware slipping through.

**Editor:** Thank you, Dr. Chen, for your insights on this serious issue. It’s important for users to stay informed and proactive in protecting their devices.

**Dr. Chen:** Thank you for having me. Staying proactive is key to cybersecurity in today’s environment.
