North Korean Hackers Deploy FlutterOverflow Malware to Target macOS Users

North Korean state-sponsored hackers have developed new malware targeting macOS systems by abusing Flutter, a popular framework for building cross-platform applications. Security researchers revealed this week that the notorious Lazarus Group is behind this sophisticated attack campaign.

The malware, dubbed "FlutterOverflow," masquerades as a legitimate cryptocurrency trading application. Once installed, it grants attackers remote access to compromised Mac computers while evading detection by security tools.

The attackers chose Flutter because it allows them to create malicious apps that can run on multiple operating systems with minimal code changes. This marks the first documented case of North Korean hackers weaponizing Flutter for macOS attacks.

"The malware's design shows the growing technical capabilities of North Korean cyber operators," said Sarah Kim, senior threat researcher at CyberDefense Labs. "They're adapting their tactics to bypass Apple's security measures."

The fake trading app tricks users by displaying a professional-looking interface while secretly installing backdoors. These backdoors enable hackers to steal sensitive data, cryptocurrency wallets, and other valuable information from infected machines.

Security experts warn that this campaign specifically targets employees of cryptocurrency exchanges and financial institutions. The hackers use spear-phishing emails to distribute the malicious application, often posing as recruiters or investment managers.

To protect against this threat, users should:

  • Download applications only from the official Mac App Store
  • Be wary of unsolicited emails containing application installers
  • Keep macOS and security software updated
  • Monitor system activities for suspicious behavior

The discovery highlights North Korea's ongoing efforts to generate revenue through cyber operations. Intelligence agencies estimate that the country has stolen billions in cryptocurrency through various hacking campaigns.

Law enforcement and cybersecurity teams worldwide are tracking this new threat while working to disrupt the infrastructure supporting these attacks. Apple has also updated its XProtect security system to detect and block the malicious Flutter-based applications.