Security Advisory: Disguised Apps with Malware Targeting macOS 

RGSA 11-29-24 

Date: November 29, 2024 


INTRODUCTION 

In late October 2024, Jamf Threat Labs discovered North Korean malware targeting macOS that was built with Flutter, Google's open-source framework for building mobile, web, and desktop apps from a single codebase instead of separate code for each platform. The samples were disguised as harmless software, such as a Minesweeper game, with the malicious code hidden inside a compiled component of an otherwise legitimate-looking app bundle. Because Flutter compiles app logic into a form that is hard to inspect, the malicious code is not easily identified during Apple's review. The apps were signed with Apple developer certificates (digital credentials issued to registered developers to verify their identity), which Apple revoked once the malware was discovered. The malware appears to be a test of new delivery methods, using techniques designed to evade antivirus detection and Apple's built-in protections. The complexity of Flutter apps gives malicious code an effective cover, which raises concern that this approach will be developed further. 

PREVENTION 

To safeguard against future attacks of this kind, the following measures are recommended for the general protection of Mac and Windows systems from malware: 

  1. Use an EDR service to monitor and protect: Platforms such as Cynet detect and stop threats in real time and protect against advanced threats like this one. In many cases an EDR tool can block a malicious action as it begins and stop the attack before it does damage. 
  2. Be careful with downloads and links: Download software only from trusted sources such as the developer's official website or the App Store, and leave Gatekeeper enabled so that macOS checks the signature and notarization of what you open. A valid signature is not proof of safety on its own (the malware in this advisory was signed), so treat an app whose publisher you do not recognize as suspect even if macOS opens it without complaint. Avoid clicking suspicious email links or pop-ups, which may lead to phishing or malware sites, and avoid torrents and pirated software, which often carry hidden malware. 
  3. Keep your software up to date: Regularly update software to patch security vulnerabilities that attackers could exploit. You can set your Mac to install updates automatically for both macOS and apps, and you should still check for updates manually from time to time. 
  4. Use strong, unique passwords: Create complex passwords that mix letters, numbers, and symbols, and use a different password for each account so that one breached site does not expose your other accounts. Consider a password manager such as 1Password to generate and securely store them. 
  5. Enable two-factor authentication (2FA): 2FA adds a second layer of security by requiring another form of verification at login. Use an authenticator app rather than SMS where possible, and enable 2FA on email, banking, and social media accounts at a minimum. 
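The advisory notes that the malicious apps carried a developer signature that Apple later revoked, and item 2 above advises downloading only from trusted sources. The shell script below, added here as an example and not code from Richter Guardian or Jamf, shows how to triage a downloaded .app bundle on macOS with Apple's own codesign and spctl tools before opening it: it reports whether the signature is intact, missing, tampered with, or backed by a revoked certificate, whether Gatekeeper accepts the bundle, and which developer and Team ID signed it. The two parsing functions take the tool output as text so the decision logic can be exercised on any system; assess_app itself only works on macOS, and the bundle path in the usage line is an assumption for illustration.

```shell
#!/bin/sh
# Added example (not part of the advisory): signature and Gatekeeper triage
# for a downloaded macOS .app bundle, using Apple's built-in tools.

# Map the output of `codesign --verify --deep --strict --verbose=2 <app>` to a
# one-word verdict. The matched strings are the messages codesign prints for
# each case; "CSSMERR_TP_CERT_REVOKED" is what you see for an app whose
# developer certificate Apple has since pulled, as in this advisory.
classify_codesign() {
    case "$1" in
        *CSSMERR_TP_CERT_REVOKED*) echo revoked ;;
        *"not signed at all"*)     echo unsigned ;;
        *"invalid signature"*)     echo tampered ;;   # contents changed after signing
        "")                        echo ok ;;         # codesign is silent on success
        *"valid on disk"*)         echo ok ;;
        *)                         echo unknown ;;
    esac
}

# Map the output of `spctl --assess --type execute --verbose <app>` to
# "accepted"/"rejected" plus the assessment source Gatekeeper reports
# (for example "Notarized Developer ID" or "no usable signature").
classify_spctl() {
    verdict=unknown
    case "$1" in
        *": accepted"*) verdict=accepted ;;
        *": rejected"*) verdict=rejected ;;
    esac
    src=$(printf '%s\n' "$1" | sed -n 's/^source=//p' | head -n 1)
    echo "$verdict ${src:-unknown-source}"
}

# Open the app only if the signature is intact AND Gatekeeper accepts it.
# Arguments: codesign verdict, spctl verdict line. Returns 0 for "safe to open
# under these checks", 1 otherwise.
should_run() {
    cs_verdict="$1"
    sp_verdict="${2%% *}"
    [ "$cs_verdict" = ok ] && [ "$sp_verdict" = accepted ]
}

# macOS only: run both tools against a bundle and print the triage result.
assess_app() {
    app="$1"
    [ -d "$app" ] || { echo "no such bundle: $app" >&2; return 2; }
    cs_out=$(codesign --verify --deep --strict --verbose=2 "$app" 2>&1 || true)
    sp_out=$(spctl --assess --type execute --verbose "$app" 2>&1 || true)
    cs=$(classify_codesign "$cs_out")
    sp=$(classify_spctl "$sp_out")
    echo "signature:  $cs"
    echo "gatekeeper: $sp"
    # Who signed it: an unfamiliar Team ID is the thing to look at even when
    # the checks pass, since the malware in this advisory was validly signed.
    codesign --display --verbose=2 "$app" 2>&1 | grep -E '^(Authority|TeamIdentifier)=' || true
    should_run "$cs" "$sp"
}

# Usage: sh check_app_signing.sh /Applications/Untrusted.app   (path is illustrative)
if [ "$#" -gt 0 ]; then
    if assess_app "$1"; then echo "checks passed"; else echo "do NOT open this app"; fi
fi
```

A "revoked" verdict means the certificate was valid when the app was signed and Apple has since withdrawn it, which is exactly the situation described above; an app that passes both checks is still not guaranteed safe, because these samples passed them when first distributed.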


HOW RICHTER GUARDIAN CAN HELP YOU 

  • Call us at +1 844-908-3950 or email support@richterguardian.com. Connect with our cyber concierge to discuss options to protect you using our Richter Guardian Platform, which includes reliable antivirus software to help detect and block malware. 
  • We can also assist you in setting up 1Password to keep your passwords secure and generate safer, more complex ones.