lazarusholic


North Korean Threat Actors Deploy Flutter-Based Malware to Target macOS Users – Active IOCs

2024-11-13, Rewterz
https://www.rewterz.com/threat-advisory/north-korean-threat-actors-deploy-flutter-based-malware-to-target-macos-users-active-iocs
#Flutter #macOS

Severity
High
Analysis Summary
North Korean threat actors have adopted a novel approach to targeting Apple macOS devices: embedding malware in applications built with the Flutter framework. This is the first time the tactic has been observed. The malicious apps are disguised as functional software; one of them, a Minesweeper game, is named "New Updates in Crypto Exchange (2024-08-28)".
Researchers said the primary payload is written in Dart, the programming language used by Flutter. The apps use game-themed lures, a technique previously linked to other North Korean groups such as Moonstone Sleet, which suggests a consistent pattern of social engineering aimed at cryptocurrency and decentralized finance (DeFi) businesses.
The distribution method for these samples remains unclear, and there is no evidence that they have been actively deployed against targets. However, researchers suspect that the samples could be …

IoC

http://mbupdate.linkpc.net
7c3f2e37aca9730e11a771fcd756963a
eadfafb35db1611350903c7a76689739d24b9e5c
d4bcc74e261c5c5f5672b4e101965d8d
0b9b61d0fffd52e6c37df37dfdffefc0e121acf7
9598e286142af837ee252de720aa550b3bea79ea
18c274cd1ea6a140a574327df01d9980
6fa932f4eb5171affb7f82f88218cca13fb2bfdc
ea0e8ea3aab4e93e2536dada37599e22
55a746c1d61cd4db4018c468749e61cc79de56c37bd42fee5411873d1d91e4a5
d62198d7d26bea9cebd71b2f04b02fe1a1467973a5eb891885fdb3e8d87c5d4c
ab0a04e2a492fe19410ba395879a6c9eb9fa8b2aaf55c5fcf44666bb6a0a08b3
90e0e88e5b180eb1663c2b2cfe9f307ed03a301b
f819817aad90aadfbb36d23cb4ee6234
7cb8a9db65009f780d4384d5eaba7a7a5d7197c4
9803e2946f19710f4f78cf5c3fea52085304be4479487954f7e6945872c07b89
bfd3f0046b4c4221dfb5ae459c7ec3438de6bf69e263cfd01b256ffd0494ae07
f3d0b74410e6eb732579ba55b4e79fd63214e6fe78c9cc89aeb1dbcab7dec339
c47932089c8db6bca6a2bb4173b74ca5
6817c88c299241643864cf35800d71d2
ee22e7768e0f4673ab954b2dd542256749502e97
e96a23042a0ed4217d6a90b2ecdcee2ec8eec7fbb275b9f21c998be2958c690f
f6357545c0ed118d0763ff6da8e04493
435db426ea6410309487b2a1b3565e4c3f6c300d788850d2188255fc98bffb98
dd38d7097a3359dc0d1c999225286a2f651b154e
a5a530fdecf65f6a48db6c496957116837d076fc15f732054a5e6334daf9f323
a12ad8d16da974e2c1e9cfe6011082baab2089a3
97b973d5efb2d2930286a4ba85dd3ae4
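As an added example (not code from the Rewterz advisory, nor from the researchers it summarizes), the Python script below turns the indicator list above into a local sweep. It hashes every file under a directory with MD5, SHA-1 and SHA-256 in a single read, classifies the advisory's mixed-length indicators by hex length (32 = MD5, 40 = SHA-1, 64 = SHA-256), and flags hostnames (for instance from a DNS log export) that equal or sit under the C2 domain. The directory layout, file contents and hostnames in run_demo() are constructed for the demonstration; the only real indicators are the ones copied from the list above, plus the well-known SHA-256 of an empty file that the demo plants so the sweep has something to hit.

```python
"""IOC sweep for the Flutter/Dart macOS samples listed in this advisory.

Added example, not part of the advisory. Usage against a real host:
    iocs = parse_iocs(ADVISORY_IOCS)
    print(sweep_directory("/Applications", iocs))
"""
import hashlib
import os
import re
import tempfile
from pathlib import Path

# Copied verbatim from the advisory's IoC section (one URL, 27 digests).
ADVISORY_IOCS = """
http://mbupdate.linkpc.net
7c3f2e37aca9730e11a771fcd756963a
eadfafb35db1611350903c7a76689739d24b9e5c
d4bcc74e261c5c5f5672b4e101965d8d
0b9b61d0fffd52e6c37df37dfdffefc0e121acf7
9598e286142af837ee252de720aa550b3bea79ea
18c274cd1ea6a140a574327df01d9980
6fa932f4eb5171affb7f82f88218cca13fb2bfdc
ea0e8ea3aab4e93e2536dada37599e22
55a746c1d61cd4db4018c468749e61cc79de56c37bd42fee5411873d1d91e4a5
d62198d7d26bea9cebd71b2f04b02fe1a1467973a5eb891885fdb3e8d87c5d4c
ab0a04e2a492fe19410ba395879a6c9eb9fa8b2aaf55c5fcf44666bb6a0a08b3
90e0e88e5b180eb1663c2b2cfe9f307ed03a301b
f819817aad90aadfbb36d23cb4ee6234
7cb8a9db65009f780d4384d5eaba7a7a5d7197c4
9803e2946f19710f4f78cf5c3fea52085304be4479487954f7e6945872c07b89
bfd3f0046b4c4221dfb5ae459c7ec3438de6bf69e263cfd01b256ffd0494ae07
f3d0b74410e6eb732579ba55b4e79fd63214e6fe78c9cc89aeb1dbcab7dec339
c47932089c8db6bca6a2bb4173b74ca5
6817c88c299241643864cf35800d71d2
ee22e7768e0f4673ab954b2dd542256749502e97
e96a23042a0ed4217d6a90b2ecdcee2ec8eec7fbb275b9f21c998be2958c690f
f6357545c0ed118d0763ff6da8e04493
435db426ea6410309487b2a1b3565e4c3f6c300d788850d2188255fc98bffb98
dd38d7097a3359dc0d1c999225286a2f651b154e
a5a530fdecf65f6a48db6c496957116837d076fc15f732054a5e6334daf9f323
a12ad8d16da974e2c1e9cfe6011082baab2089a3
97b973d5efb2d2930286a4ba85dd3ae4
"""

HASH_LENGTHS = {32: "md5", 40: "sha1", 64: "sha256"}


def parse_iocs(text):
    """Split a raw IOC block into per-algorithm digest sets plus a domain set."""
    iocs = {"md5": set(), "sha1": set(), "sha256": set(), "domain": set()}
    for line in text.splitlines():
        token = line.strip().lower()
        if not token:
            continue
        if re.fullmatch(r"[0-9a-f]+", token) and len(token) in HASH_LENGTHS:
            iocs[HASH_LENGTHS[len(token)]].add(token)
        elif token.startswith(("http://", "https://")):
            iocs["domain"].add(token.split("/")[2].split(":")[0])  # host part only
        else:
            iocs["domain"].add(token)  # bare hostname
    return iocs


def digest_file(path, chunk=1 << 20):
    """Compute md5, sha1 and sha256 of one file in a single pass over its bytes."""
    hashers = {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def sweep_directory(root, iocs):
    """Return [(path, algo, digest)] for every regular file whose digest is an IOC.

    Walks the whole tree so that files inside .app bundles (Flutter macOS apps keep
    the compiled Dart code under Contents/Frameworks/App.framework/App) are hashed too.
    """
    hits = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            if os.path.islink(path):
                continue
            try:
                digests = digest_file(path)
            except OSError:
                continue
            for algo, value in digests.items():
                if value in iocs[algo]:
                    hits.append((path, algo, value))
    return hits


def match_hostnames(hostnames, iocs):
    """Flag hostnames equal to, or subdomains of, an IOC domain (never its parent)."""
    flagged = []
    for host in hostnames:
        h = host.strip().lower().rstrip(".")
        if any(h == bad or h.endswith("." + bad) for bad in iocs["domain"]):
            flagged.append(host)
    return flagged


def run_demo():
    """Constructed demo: a temp dir with one benign file and one planted stand-in."""
    iocs = parse_iocs(ADVISORY_IOCS)
    with tempfile.TemporaryDirectory() as tmp:
        (Path(tmp) / "notes.txt").write_bytes(b"nothing to see here\n")
        planted = Path(tmp) / "sample.app" / "Contents" / "MacOS" / "sample"
        planted.parent.mkdir(parents=True)
        planted.write_bytes(b"")  # empty file stands in for a real sample
        iocs["sha256"].add("e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855")
        hits = sweep_directory(tmp, iocs)
        # Constructed DNS hostnames, as they might appear in a resolver log export.
        dns = match_hostnames(
            ["mbupdate.linkpc.net", "www.apple.com", "cdn.mbupdate.linkpc.net", "linkpc.net"], iocs
        )
    return iocs, hits, dns


if __name__ == "__main__":
    print(run_demo())
```

Two design points: match_hostnames deliberately does not treat the parent domain as an indicator, because linkpc.net is a dynamic-DNS provider and matching it would flag unrelated subdomains; and the sweep hashes every file rather than only top-level executables, since a Flutter app's payload lives inside the bundle, not in the launcher binary alone.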