ctipilot.ch


Unit 42 Operation FlutterBridge: notarized macOS backdoor hides its logic in a remote WebView and exfiltrates documents through an "AI summarise" feature

From CTI Daily Brief — 2026-06-05 · published 2026-06-05

Unit 42 details Operation FlutterBridge, the evolution of cluster CL-CRI-1089 (active since August 2025), which distributes macOS backdoors disguised as productivity apps (PodcastsLounge, PDF-Brain, PDF-Ninja) via hundreds of Google Ads bought through verified shell companies (Unit 42, 2026-06-02; The Hacker News, 2026-06-04). Every sample was signed with a valid Apple Developer ID and passed notarization, with zero VirusTotal detections at analysis time — Gatekeeper does not catch these. The FlutterShell payload keeps its malicious logic on an attacker-controlled website and uses a Flutter JavaScript-to-native bridge to translate JSON commands into native macOS calls, so capability changes need no new binary. Confirmed behaviour: arbitrary shell execution, file read/write, environment-variable theft, Chrome hijacking via the "Secure Preferences" file, and document exfiltration routed through the attacker's server under the guise of an AI document-summarisation feature. Targeting is global with explicit emphasis on Western Europe, including France and Germany.

Why it matters to us: notarization-bypassed, Developer-ID-signed macOS malware defeats the controls most teams lean on for Mac fleets. The reliable detection layer is behavioural: macOS endpoint telemetry for apps that instantiate a WKWebView with a custom JS message handler that then spawns shell processes, non-browser writes to Chrome's Secure Preferences, and outbound connections from "productivity" apps to CDN-fronted infrastructure.
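The behavioural signals listed above, implemented as correlation logic over a constructed macOS endpoint telemetry sample. This is an added example written for this brief, not Unit 42's code or any vendor's detection content. The event schema (ts, kind, pid, ppid, exe, path, dst) is an assumption, the process paths and hosts are constructed, and two simplifications are deliberate: a WebKit framework load followed by a shell child is used as a proxy for "WKWebView with a custom JS message handler that spawns shell processes", because handler registration is not visible in generic process telemetry, and CDN-fronting cannot be inferred from a single connect event, so the outbound rule is treated as a weak corroborating signal and a process is only escalated when at least two distinct behaviours co-occur.

```python
"""Correlation of three FlutterShell-style behaviours over sample macOS
endpoint telemetry (example code for this brief, not Unit 42's)."""
from collections import defaultdict
import re

# Constructed telemetry stream. Field names are an assumed, simplified
# EDR schema, not any real product's format; paths and hosts are made up.
SAMPLE_EVENTS = [
    {"ts": 1, "kind": "exec", "pid": 500, "ppid": 1,
     "exe": "/Applications/Google Chrome.app/Contents/MacOS/Google Chrome"},
    {"ts": 2, "kind": "file_write", "pid": 500,
     "path": "/Users/alice/Library/Application Support/Google/Chrome/Default/Secure Preferences"},
    {"ts": 3, "kind": "exec", "pid": 610, "ppid": 1,
     "exe": "/Applications/PDF-Brain.app/Contents/MacOS/PDF-Brain"},
    {"ts": 4, "kind": "lib_load", "pid": 610,
     "path": "/System/Library/Frameworks/WebKit.framework/Versions/A/WebKit"},
    {"ts": 5, "kind": "connect", "pid": 610, "dst": "updates.example.invalid:443"},
    {"ts": 6, "kind": "exec", "pid": 611, "ppid": 610,
     "exe": "/bin/sh", "args": ["/bin/sh", "-c", "id"]},
    {"ts": 7, "kind": "file_write", "pid": 610,
     "path": "/Users/alice/Library/Application Support/Google/Chrome/Default/Secure Preferences"},
    {"ts": 8, "kind": "exec", "pid": 700, "ppid": 1,
     "exe": "/Applications/Safari.app/Contents/MacOS/Safari"},
    {"ts": 9, "kind": "lib_load", "pid": 700,
     "path": "/System/Library/Frameworks/WebKit.framework/Versions/A/WebKit"},
    {"ts": 10, "kind": "connect", "pid": 700, "dst": "www.example.invalid:443"},
]

# Processes allowed to touch Chrome's profile files or to embed WebKit
# without raising a finding. Extend with the fleet's real browser paths.
BROWSER_EXES = {
    "/Applications/Google Chrome.app/Contents/MacOS/Google Chrome",
    "/Applications/Safari.app/Contents/MacOS/Safari",
}
SHELLS = {"/bin/sh", "/bin/bash", "/bin/zsh"}
# Matches any Chrome profile directory, not just "Default".
SECURE_PREFS = re.compile(r"/Google/Chrome/[^/]+/Secure Preferences$")


def analyse(events):
    """Return findings as (rule, pid, exe, detail) tuples, in event order."""
    exe_of = {}           # pid -> executable path seen at exec time
    webkit_pids = set()   # pids that have loaded WebKit.framework
    findings = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        kind = ev["kind"]
        if kind == "exec":
            exe_of[ev["pid"]] = ev["exe"]
            parent = ev.get("ppid")
            # Rule 1: a non-browser WebKit host spawns a shell (proxy for a
            # JS bridge handler executing commands).
            if (ev["exe"] in SHELLS and parent in webkit_pids
                    and exe_of.get(parent) not in BROWSER_EXES):
                findings.append(("webview_spawns_shell", parent,
                                 exe_of[parent], ev.get("args", [])))
        elif kind == "lib_load" and "WebKit.framework" in ev["path"]:
            webkit_pids.add(ev["pid"])
        elif kind == "file_write":
            # Rule 2: Secure Preferences written by something other than
            # a browser; Chrome writing its own file is expected.
            if (SECURE_PREFS.search(ev["path"])
                    and exe_of.get(ev["pid"]) not in BROWSER_EXES):
                findings.append(("non_browser_secure_prefs_write", ev["pid"],
                                 exe_of.get(ev["pid"]), ev["path"]))
        elif kind == "connect":
            # Rule 3: outbound traffic from a non-browser WebKit host. Weak
            # on its own (many legitimate apps embed WKWebView), so it only
            # matters once triage() combines it with another rule.
            if ev["pid"] in webkit_pids and exe_of.get(ev["pid"]) not in BROWSER_EXES:
                findings.append(("webview_app_outbound", ev["pid"],
                                 exe_of.get(ev["pid"]), ev["dst"]))
    return findings


def triage(findings, min_rules=2):
    """Group findings per process and keep only processes where at least
    min_rules distinct behaviours co-occur; returns {pid: sorted rule names}."""
    rules_by_pid = defaultdict(set)
    for rule, pid, _exe, _detail in findings:
        rules_by_pid[pid].add(rule)
    return {pid: sorted(rules) for pid, rules in rules_by_pid.items()
            if len(rules) >= min_rules}


if __name__ == "__main__":
    for finding in analyse(SAMPLE_EVENTS):
        print(finding)
    print("escalate:", triage(analyse(SAMPLE_EVENTS)))
```

In the sample, Chrome's own write to Secure Preferences and Safari's WebKit load plus outbound connection produce no findings, while the "PDF-Brain" process accumulates all three rules and is the only one escalated. In production the allowlist, the shell list and the profile-path regex would be tuned to the fleet, and the rule names map naturally onto the detection-rule identifiers of whatever EDR or SIEM the team runs.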