Hidden cyberattack on Apple users
This is malware that uses various technologies, including Flutter, Go and Python, to attack macOS systems and obfuscation tactics to evade malicious code detection scans.
Are you prepared for cyber attacks?
With the DEFENDERBOX you are one step ahead of cyber threats: Strengthen your company’s resistance to hacker attacks — especially in your own environment!
Would you like to know how secure your company is? Find out with a test setup! Book now:
Flutter & Co
In the Flutter application, it disguises itself as a harmless app and uses the complex Flutter architecture to avoid detection. Upon execution, it sends a request to a known DPRK domain to download a second payload that can execute AppleScript codes in the next step. Attackers can use AppleScript to execute various commands on the infected macOS system. In the case under investigation, it was a Minesweeper game.
Test run?
It is still unclear whether this is real malware or a test for new types of malware attacks. However, it is suspected that the malware is a test run for a larger cyber attack. The hackers responsible are known to run very convincing social engineering campaigns. They could be trying to find out whether a properly signed app with malicious code hidden in a dylib will be approved by Apple and how long it will stay under the radar of security vendors who provide generic solutions that are not specialized for OS operating systems.
EN 
DE