FlutterShell Backdoor Spreads to macOS via Malicious Google and YouTube Ads

Summary

Palo Alto Networks Unit 42 uncovered Operation FlutterBridge, a macOS malvertising campaign distributing FlutterShell, a new backdoor built with Flutter framework. The backdoor, attributed to threat group CL-CRI-1089, spreads via malicious Google and YouTube ads posing as legitimate productivity apps and infects targets with adware, shell command execution, and browser hijacking capabilities. The malware uses WebView-based architecture with JavaScript-to-native bridge for dynamic payload updates and has been detected as recently as March 2026 targeting macOS users in the U.S., Canada, Australia, France, and Germany.

Full text

FlutterShell Backdoor Spreads to macOS via Malicious Google and YouTube Ads Ravie LakshmananJun 04, 2026Malvertising / Browser Security Cybersecurity researchers have shed light on a macOS malvertising campaign codenamed Operation FlutterBridge that spreads a new backdoor called FlutterShell. According to Palo Alto Networks Unit 42, the campaign is said to be the next stage of a previously reported activity cluster dubbed JSCoreRunner (aka FileRipple) in late August 2025. The cybercrime group behind the two attack chains is being tracked under the moniker CL-CRI-1089. The attackers are assessed to be active since at least 2023. "Built using the Flutter framework, FlutterShell infects targets with adware via malicious desktop applications," Unit 42 said. "In addition to its adware functionality, the payload possesses backdoor capabilities, including shell command execution and file system manipulation." Operations attributed to CL-CRI-1089 also include Recipe Lister and Calendaromatic, both of which fall under a broader designation known as TamperedChef (aka EvilAI), an ongoing series of campaigns that involve using trojanized versions of productivity software to deliver potentially unwanted programs (PUPs) and adware. These campaigns distribute malicious Google and YouTube advertisements using a network of Google-verified shell companies, with the ads acting as a lure to trick targets into deploying malware that masquerades as legitimate desktop applications. Some of the front companies are AdsParkPro LTD, Advantage Web Marketing LLC, and SOFT WE ART LIMITED (now PACIFIC TRADE SOLUTIONS LTD). Target audiences for these ads are macOS users in the U.S., Canada, Australia, France, and Germany. Although none of the Google Ads accounts are currently accessible via the Google Ads Transparency Center, records from YouControl and the U.K. government's Companies House register indicate that the firms all have links to Ukrainian individuals. The latest iteration entails the deployment of FlutterShell, which supports arbitrary command execution, file system interaction, and environment variables exfiltration. These efforts have been detected as recently as March 2026. "Upon execution, the malware modifies Google Chrome configuration files to hijack the browser, forcing all traffic through an attacker-controlled, ad-filled intermediary site," researchers Ido Asher, Noa Dekel, and Tom Fakterman said. "All observed samples were signed with valid Apple Developer IDs and successfully passed notarization, meaning Apple's automated security checks did not flag them as malicious at the time of submission." What makes FlutterShell noteworthy is that it implements a WebView-based architecture that utilizes a JavaScript-to-native bridge, thereby allowing the adversary to host malicious logic on an external website, rather than embedding it into the binary. This, in turn, makes it possible to dynamically alter the malware's behavior in real time without having to recompile or push out an updated version to compromised hosts. "In WebView-based architecture, a native application uses an embedded web browser component to display content," Unit 42 explained. "The JavaScript-to-native bridge acts as a communication channel between this web content and the host native application, allowing them to exchange data and cross-invoke functionality." Three different variants of FlutterShell, viz., PodcastsLounge, PDF-Brain, and PDF-Ninja, have been identified. This, coupled with the presence of unfinished functions in the JavaScript logic hosted on the attackers' infrastructure, suggests the malware is likely under active development. Some of the variants, PDF-Brain and PDF-Ninja, feature an artificial intelligence (AI)-powered summarization capability by relaying documents through an attacker-controlled server before processing them. FlutterShell also enables system fingerprinting and the theft of browser session data. FlutterShell has also been found to share technical similarities with Calendaromatic and Recipe Lister, the most obvious being the WebView-based code architecture to facilitate dynamic payload changes. What's more, Advantage Web Marketing LLC has been observed not only spreading malicious ads but also acting as the signatory for Windows adware variants associated with the cluster. "The evolution from JSCoreRunner to FlutterShell represents a significant increase in technical depth for the attackers behind CL-CRI-1089," Unit 42 said. "Furthermore, the scale of the distribution network, coupled with the verified shell entities used to bypass ad-network vetting, highlights the persistent danger of malvertising. The coordination of multiple shell entities, and the rapid development and delivery of new FlutterShell variants, indicates that this campaign is far from over." Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post. SHARE     Tweet Share Share Share SHARE  adware, Backdoor, Browser Hijacking, cybersecurity, Google Ads, MacOS, malvertising, Palo Alto Networks ⚡ Top Stories This Week Google June 2026 Android Update Patches 124 Flaws, One Actively Exploited Oracle WebLogic CVE-2024-21182 Added to KEV Catalog After Active Exploitation Dashlane Discloses Brute-Force Attack, Encrypted Vaults of Fewer Than 20 Users Downloaded Miasma Supply Chain Attack Compromises Red Hat npm Packages with Credential-Stealing Worm ⚡ Weekly Recap: New Linux Flaw, PAN-OS Exploit, AI-Powered Attacks, OAuth Phishing and More OpenAI Codex Authentication Tokens Stolen in codexui-android npm Supply Chain Attack PAN-OS GlobalProtect Authentication Bypass (CVE-2026-0257) Under Active Exploitation ChatGPhish Vulnerability Turns ChatGPT Web Summaries Into a Phishing Surface Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit Threat Actors Exploit Critical FortiClient EMS Flaw to Deploy Credential Stealer Microsoft Slams Public Zero-Day Disclosures Amid GitHub Researcher Account Removal ThreatsDay Bulletin: Claude Security Plugin, Azure Priv-Esc, Kali365 MFA Bypass, FIFA Scams +15 More Malicious npm Package Stole Files From Claude AI User Directory via GitHub GlassWorm Malware Takedown Disrupts Developer Supply Chain Attack Infrastructure AI Chatbot Recommendations Redirect Users to Cryptojacking Malware Sites Microsoft Patches SharePoint RCE Flaw CVE-2026-45659 Across Server Versions ⭐ Featured Resources Your Employees Are Using AI in Ways You Can’t See – 2026 State of AI Report Learn How to Stop Attacks Before They Reach Your EDR – With PHASR Watch AI Turn Vulnerabilities Into Working Exploits in Minutes (See the Demo) [Guide] The Real Security Risks of Shadow AI (And Where You’re Exposed)

Indicators of Compromise

• malware — FlutterShell
• malware — JSCoreRunner
• malware — TamperedChef
• malware — PodcastsLounge
• malware — PDF-Brain
• malware — PDF-Ninja

Entities