According to Cointelegraph, researchers from Jamf Threat Labs, an Apple-focused security team, said North Korean hackers appear to have developed malware capable of evading Apple's security checks. These applications seem experimental in nature. This is the first time they've observed such techniques being used to compromise Apple's macOS operating system, although the malware does not run on the latest versions of the system. The researchers found that Microsoft's VirusTotal online scanning service reported these apps as harmless, despite them actually being malicious.
The variants of these applications are written in Go and Python and utilize Google Flutter. Flutter is an open-source development toolkit used for building cross-platform applications.
Researchers noted that the domains and techniques used in this malware closely resemble those found in other known North Korean hacking operations. There are indications that the malware was signed and even temporarily passed Apple’s security verification process. It remains unclear whether this malware has been used in attacks against any specific targets or if the attackers are preparing a new distribution method; it is likely part of a broader weaponization testing effort.




