Jamf Threat Labs has released a report revealing that APT actors from the DPRK have been embedding malware within Flutter applications. This is the first time Jamf has seen attackers use this tactic against macOS devices.

Flutter is a cross-platform framework developed by Google that lets developers build an app once and have it look consistent across macOS, iOS and Android. The benefit for attackers? Flutter-built applications provide a large degree of obscurity for the code they carry.

Jamf also discovered two other malware variants: a Golang variant (which was previously signed and notarized by Apple, then had its signature revoked) and a Python variant built with py2app. The blog post gives technical details on the packaging and execution of all three variants, along with a warning from Jamf that the actors are likely testing a new way to weaponize malware at scale.