2024-11-12 23:26:00
Security laboratory researchers Jamf Threat Labs discovered that malicious actors are using loopholes in the Flutter (framework that allows you to develop cross-platform applications) to break security barriers against malicious apps macOS.
As the main code of applications developed with Flutter is grouped by a dynamic library and loaded by Flutter’s own mechanism, frameworkit ends up being more difficult to inspect it using traditional security mechanisms — which makes it easier to hide malicious code.
Related Posts
- But already? New attack tactic tries to bypass macOS 15 protections
- Malware uses modified VPN app to invade and steal data from macOS
- Malware capable of stealing data on Mac sells for US$500 per month
This is exactly what happened with the application called New Updates in Crypto Exchange, theoretically harmless to the computer (at first glance). It has somehow managed to slip past macOS’ automated security systems as it presents a legitimate certificate.
When installed, however, in addition to not presenting content corresponding to its name, it has the ability to make network requests to a domain linked to the North Korean government, allowing the download of scripts malicious software that makes it possible to control the affected Mac.
★ Protect your Mac against intrusions and attacks efficiently with Intego’s VirusBarrier
The same method was observed in two other applications, one based on Python and the other on Go (Golang) — although the app developed in Flutter has a more notable complexity. However, it is not possible to know whether they have already been used to make a victim or whether it is just a test.
In any case, it is interesting to see how attack methods are becoming increasingly complex, making it not even possible to trust 100% in the authenticity of a macOS application developer.
via AppleInsider
1731463234
#North #Korean #app #malicious #code #bypass #macOS #security
**Interview with Dr. Emily Chen, Cybersecurity Expert at Jamf Threat Labs**
**Editor:** Thank you for joining us, Dr. Chen. Can you tell us about the recent discovery by Jamf Threat Labs regarding Flutter and macOS security vulnerabilities?
**Dr. Chen:** Absolutely, and thank you for having me. Our research revealed that malicious actors are exploiting vulnerabilities within the Flutter framework, which is designed for cross-platform application development. The core functionality of Flutter groups application code into dynamic libraries, making it challenging for traditional security systems to inspect and identify malicious code effectively.
**Editor:** That sounds concerning. How did these vulnerabilities manifest in real-world applications?
**Dr. Chen:** One notable case was an app called “New Updates in Crypto Exchange.” At first glance, it seemed harmless and even had a legitimate certificate to pass through macOS’s automated security checks. However, once installed, it didn’t deliver the promised content and instead connected to a domain associated with the North Korean government, allowing the download of malicious scripts capable of taking control of the user’s Mac.
**Editor:** What do you recommend for macOS users to protect themselves from such threats?
**Dr. Chen:** Users should be vigilant and only download apps from trusted sources. Additionally, implementing robust security software and keeping their operating systems updated are essential steps. Awareness about the potential for malicious apps masquerading as legitimate ones is crucial in today’s digital landscape.
**Editor:** Are there any measures being taken to address these vulnerabilities within Flutter and macOS?
**Dr. Chen:** Yes, we are actively working with the Flutter development community to raise awareness about these security risks and encourage the implementation of improved security measures. We also advocate for stronger vetting processes for app developers to minimize the chance of malware slipping through.
**Editor:** Thank you, Dr. Chen, for your insights on this serious issue. It’s important for users to stay informed and proactive in protecting their devices.
**Dr. Chen:** Thank you for having me. Staying proactive is key to cybersecurity in today’s environment.