FlutterShell
FlutterShell is a macOS malware family and backdoor built with Google’s Flutter framework, observed in the large-scale malvertising campaign Operation FlutterBridge. It has been linked by Palo Alto Networks Unit 42 to cybercrime cluster CL-CRI-1089, which has been active since at least 2023 and has also been associated with earlier JSCoreRunner/FileRipple activity and broader malvertising operations involving Windows malware such as RecipeLister and Calendaromatic. FlutterShell has been distributed via malicious Google and YouTube advertisements placed through networks of Google-verified shell companies, targeting macOS users in the United States, Canada, Australia, France, and Germany, with emphasis on English-speaking and Western European markets.
Observed FlutterShell samples masqueraded as legitimate desktop applications, including PodcastsLounge, PDF-Brain, and PDF-Ninja. These apps were described as functional, signed with valid Apple Developer IDs, and able to pass Apple notarization at the time of analysis, which likely increased victim trust and reduced detection. At the time researchers analyzed them, the samples reportedly had zero VirusTotal detections.
FlutterShell combines adware and backdoor functionality. Reported capabilities include arbitrary shell command execution, file read/write and broader file system interaction, environment variable exfiltration, system fingerprinting, browser session theft, and browser hijacking. The malware modifies Google Chrome configuration, including Secure Preferences, to redirect searches and new tabs to attacker-controlled sites for ad monetization; reported attacker-controlled domains include sinterfumesco.com. Researchers also observed Chrome being terminated and relaunched with custom arguments to suppress warnings and force the hijack behavior. Unit 42 noted detection opportunities including suspicious changes to Chrome Secure Preferences, unexpected Chrome restarts with custom launch arguments, and use of the IOPlatformUUID fingerprinting command.
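As an added defender-side example (not code from Unit 42, from the malware, or from this page's source), the following Python script turns the three detection opportunities named above into checks over host artifacts: it audits the JSON of a Chrome Secure Preferences file for homepage, startup-URL and search-provider entries that point outside an allowlist, flags main Chrome processes started with command-line switches in `ps` output, and spots ioreg IOPlatformUUID lookups in a process-execution log. The preference key paths, the allowlist, the `parent=... cmd=...` log format and the switches in the sample launch line are assumptions or constructed data, not values taken from the campaign; only the redirect domain is the one reported above.

```python
"""Added defender-side example for the detection opportunities above:
Chrome Secure Preferences edits, Chrome relaunched with custom switches, and
IOPlatformUUID fingerprinting. Not code from Unit 42, Mallory or the malware;
preference key paths follow Chrome's usual Preferences layout (assumed) and
every sample input below is constructed."""
import json
import re
from urllib.parse import urlparse

# Assumed organisational allowlist for search/homepage/new-tab destinations.
ALLOWED_DOMAINS = {"google.com", "bing.com", "duckduckgo.com"}
# Preference paths browser hijackers typically rewrite (assumed layout).
WATCHED_URL_PATHS = [
    ("homepage",),
    ("session", "startup_urls"),
    ("default_search_provider_data", "template_url_data", "url"),
    ("default_search_provider_data", "template_url_data", "suggestions_url"),
]
# Chrome's main executable on macOS; its helper processes live elsewhere.
CHROME_MAIN = "/Applications/Google Chrome.app/Contents/MacOS/Google Chrome"

def _lookup(tree, path):
    """Walk a nested dict along `path`; None if any key is missing."""
    for key in path:
        if not isinstance(tree, dict) or key not in tree:
            return None
        tree = tree[key]
    return tree

def audit_secure_preferences(prefs_text, allowed=ALLOWED_DOMAINS):
    """Return (pref_path, url) pairs pointing outside the allowlist, given the
    JSON text of a Chrome Secure Preferences file."""
    prefs = json.loads(prefs_text)
    findings = []
    for path in WATCHED_URL_PATHS:
        value = _lookup(prefs, path)
        if value is None:
            continue
        for url in (value if isinstance(value, list) else [value]):
            host = (urlparse(url).hostname or "").lower()
            if host and not any(host == a or host.endswith("." + a) for a in allowed):
                findings.append((".".join(path), url))
    return findings

def flag_chrome_launches(ps_lines):
    """From `ps -axo pid,command` output, return (pid, switches) for main Chrome
    processes started with command-line switches. A Dock or Finder launch
    passes none, so switches are a lead to corroborate via the parent process."""
    flagged = []
    for line in ps_lines:
        m = re.match(r"(\d+)\s+(.*)$", line.strip())
        if not m:
            continue
        pid, cmd = m.groups()
        if cmd != CHROME_MAIN and not cmd.startswith(CHROME_MAIN + " "):
            continue
        switches = [t for t in cmd[len(CHROME_MAIN):].split() if t.startswith("--")]
        if switches:
            flagged.append((int(pid), switches))
    return flagged

def flag_platform_uuid_queries(exec_lines):
    """From constructed 'parent=<name> cmd=<command>' exec-log lines, return the
    parents that read the hardware UUID through ioreg."""
    hits = []
    for line in exec_lines:
        m = re.match(r"parent=(\S+)\s+cmd=(.*)$", line.strip())
        if m and "ioreg" in m.group(2) and (
                "IOPlatformUUID" in m.group(2) or "IOPlatformExpertDevice" in m.group(2)):
            hits.append(m.group(1))
    return hits

# Constructed sample inputs; the redirect domain is the one reported above.
SAMPLE_SECURE_PREFS = json.dumps({
    "homepage": "https://sinterfumesco.com/",
    "session": {"restore_on_startup": 4, "startup_urls": ["https://sinterfumesco.com/?tab=new"]},
    "default_search_provider_data": {"template_url_data": {
        "keyword": "google.com", "url": "https://sinterfumesco.com/search?q={searchTerms}"}},
    "protection": {"macs": {}},
})
SAMPLE_PS = [
    "  512 " + CHROME_MAIN,
    " 9731 " + CHROME_MAIN + " --no-first-run --new-window https://sinterfumesco.com/",
    " 9740 /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework"
    "/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=renderer",
]
SAMPLE_EXEC = [
    "parent=PodcastsLounge cmd=ioreg -rd1 -c IOPlatformExpertDevice",
    "parent=system_profiler cmd=ioreg -l",
]

if __name__ == "__main__":
    print(audit_secure_preferences(SAMPLE_SECURE_PREFS))
    print(flag_chrome_launches(SAMPLE_PS))
    print(flag_platform_uuid_queries(SAMPLE_EXEC))
```

On a live host the preferences audit would read `~/Library/Application Support/Google/Chrome/Default/Secure Preferences`, and the two process checks would consume endpoint telemetry rather than the constructed lists; each finding is a hunting lead to corroborate (parent process, signing identity of the parent, timing relative to an app install), not a verdict on its own.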
A notable architectural feature is FlutterShell’s use of a WebView-based design with a JavaScript-to-native bridge, including a command channel referred to as flutterInvoke. Rather than embedding all malicious logic in the binary, FlutterShell retrieves logic dynamically from attacker-controlled infrastructure, allowing operators to alter behavior in real time without recompiling or updating the app. Reported remote endpoints included paths such as /getConfig and /getUpdateThanksConfig. Some variants, particularly PDF-Brain and PDF-Ninja, also included an AI-powered summarization feature that routed document contents through attacker-controlled servers before returning results, creating an additional data-exfiltration path.
High-confidence indicators listed in the source reporting include C2 or related domains atsheisdomestic.org, etoftheappyrince.org, healightejustb.org, and the ad-redirect domain sinterfumesco.com; additional related domains include ads-parkpro.com, adsparkpro.top, adsparkpro.net, and softwe.art. Listed URLs include https://atsheisdomestic.org/update-thanks.html, https://etoftheappyrince.org/update-delay, and https://healightejustb.org/checkupdateTO.js. Listed SHA-256 hashes are 021666417de8b9972c179783fe60d4c4ad2d93224e3a0f16137065c960b1b845, 363923500ce942bf1a953e8a4e943fbf1fb1b5ed6e5d247964c345b3ad5bfc34, 8421c902364980e3d762ec6dbbe6b0f40577c27bd79b48c57d098328b2533109, and 644fc49fa1006a2a2acace694e5fb83753164e2617051ece6d9dc9ea32329e70.
Groups observed using it
1 distinct threat actor attributed by public researchers.
The malware at the center of this campaign is called FlutterShell, a backdoor built using Google’s Flutter framework.
Techniques & procedures
22 distinct techniques documented for this family, organized by ATT&CK tactic.
Resource Development (1 technique)
Threat actors are using Google Ads to push fake desktop applications that secretly install a powerful backdoor on infected machines... the attackers have been spreading malware via malvertising since at least 2023.
Initial Access (1 technique)
Threat actors are using Google Ads to push fake desktop applications that secretly install a powerful backdoor on infected machines.
Execution (4 techniques)
It gives attackers full remote control over the infected system, including the ability to execute commands... FlutterShell shares its core command structure with a previously documented macOS malware called JSCoreRunner, including functions for executing commands.
In addition to its adware functionality, the payload possesses backdoor capabilities, including shell command execution and file system manipulation.
TamperedChef (aka EvilAI), an ongoing series of campaigns that involve using trojanized versions of productivity software to deliver potentially unwanted programs (PUPs) and adware.
Stealth (5 techniques)
The second variant (PDF-Brain) had some of its strings obfuscated, and the third variant (PDF-Ninja) utilized Flutter's native --obfuscate flag, which strips debug information and randomizes symbol names.
FlutterShell is a macOS backdoor developed using the Flutter framework and designed to masquerade as legitimate software.
Manual execution: Rather than waiting for the user to authorize the install, the malware programmatically executes the open command on the staged app bundle found in the cache.
Defense Impairment (1 technique)
All observed samples were signed with valid Apple Developer IDs and successfully passed notarization, meaning Apple's automated security checks did not flag them as malicious at the time of submission.
Credential Access (1 technique)
FlutterShell also enables system fingerprinting and the theft of browser session data.
Discovery (5 techniques)
Capability            FlutterShell    JSCoreRunner
...
Get Home Directory    get_home_dir    _osHomedir
To apply the URL and domain changes, FlutterShell terminates the Google Chrome process using killall "Google Chrome"
FlutterShell also enables system fingerprinting and the theft of browser session data.
The latest iteration entails the deployment of FlutterShell, which supports arbitrary command execution, file system interaction, and environment variables exfiltration.
FlutterShell shares its core command structure with a previously documented macOS malware called JSCoreRunner, including functions for executing commands, reading files, and listing directories.
Collection (1 technique)
Once installed, the malware fingerprints the machine and then targets Google Chrome. It modifies Chrome's settings file to redirect every new tab and search query to an attacker-controlled site loaded with ads.
Command and Control (4 techniques)
What makes FlutterShell noteworthy is that it implements a WebView-based architecture that utilizes a JavaScript-to-native bridge, thereby allowing the adversary to host malicious logic on an external website, rather than embedding it into the binary.
Instead of embedding harmful instructions in the app binary, the malware loads a remote webpage through a built-in browser component called a WebView. That webpage contains the actual attack logic, sent as commands over a channel named flutterInvoke.
The primary payload of FlutterShell is embedded within the main webpage and a /update-thanks.html subdirectory of the attacker-controlled site... retrieve the core malicious logic from external endpoints: /getConfig and /getUpdateThanksConfig.
This design lets attackers change what the malware does at any moment, without updating the app itself... FlutterShell retrieves it dynamically, making detection far more difficult.
Exfiltration (1 technique)
The PDF-Brain and PDF-Ninja versions also weaponized an AI summarization feature, secretly routing document content through attacker servers before delivering results to the user.
IOCs tracked for this family
25 indicators attributed across vendor reports, sandbox runs, and researcher write-ups.
Recent activity
4 sources tracked across advisories, community write-ups, and news.
A macOS-focused backdoor disguised as legitimate desktop applications and distributed via Google Ads malvertising. It loads remote attack logic through a WebView, gives attackers remote control of infected systems, can execute commands, read and write files, steal sensitive data, fingerprint hosts, modify Google Chrome settings to redirect searches/new tabs, and in some variants route document content through attacker servers.
A macOS malware family used in the Operation FlutterBridge malvertising campaign. It is built with Flutter and delivered via trojanized desktop applications advertised through malicious Google and YouTube ads. It hijacks Google Chrome traffic through an attacker-controlled intermediary site, supports arbitrary command execution, file system interaction, environment variable exfiltration, system fingerprinting, browser session theft, and uses a WebView-based JavaScript-to-native bridge so attackers can dynamically change behavior without recompiling the binary.
Flutter-based macOS malware distributed via malvertising that provides adware and backdoor functionality, including remote command execution, file manipulation, and in some variants abuse of AI-powered document summarization features to aid data exfiltration.
A macOS malware family built with Flutter that masquerades as legitimate desktop apps, hijacks Google Chrome for ad fraud, and provides backdoor capabilities including arbitrary command execution, file system interaction, environment variable exfiltration, and document exfiltration via an AI summarization workflow routed through attacker-controlled infrastructure.