VYPR
Research · Published Jun 23, 2026 · 1 source

FlutterShell macOS Backdoor Abuses Flutter Framework and WKWebView for Stealthy Attacks

A new macOS backdoor called FlutterShell abuses Google's Flutter framework and WKWebView to evade detection, active from December 2025 to March 2026.

Researchers at LevelBlue have analyzed FlutterShell, a macOS backdoor that was active from December 2025 to March 2026. The campaign, tracked as Operation FlutterBridge (CL-CRI-1089), abuses Google's Flutter app development framework and WKWebView to evade detection. It spreads via malicious Google and YouTube ads for productivity apps, and the installers are signed with valid Apple Developer certificates, so Gatekeeper lets them run.

FlutterShell uses a C2-conditional design: commands arrive as JavaScript rendered inside a hidden WKWebView, and the malware only activates when it receives live instructions from an attacker-controlled server. A sandbox that cannot reach that server therefore never exercises the malicious code path. In sandbox tests, the binary launched cleanly, displayed a working app interface, and then produced no activity at all, making it appear harmless.

The backdoor fingerprints the host by harvesting the Mac's unique hardware identifier. It then modifies Chrome's settings to silently swap the default search engine for an attacker-controlled domain, kills Chrome, and relaunches it with flags that suppress the crash warning the user would otherwise see after the forced termination. Persistence is achieved through bundle replacement via the Sparkle update mechanism.

Across three generations, the command names evolved from exec_sync to pdf_sync to renderPDF, camouflaging activity as normal PDF application behavior. Apple revoked the first developer certificate on December 31, 2025, and a new generation appeared twelve days later with a fresh one. A second revocation followed on January 31, 2026, and a third generation arrived in March using a self-signed certificate.

The LevelBlue team recommends prioritizing behavioral endpoint detection over static signatures, as Generation 3 evaded most pattern-based tools after certificate rotation and Dart symbol obfuscation. The most reliable detection signals are non-browser processes making outbound HTTPS connections to unknown domains, unusual child processes harvesting hardware identifiers, and unexpected writes to Chrome's profile directory.
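The following is an added example, not LevelBlue's tooling or code from the malware, that turns the behaviors described above (the Chrome default-search swap and the three behavioral signals: non-browser HTTPS egress, hardware-ID harvesting by an unexpected parent, and non-Chrome writes to the Chrome profile) into rules run over constructed telemetry. The event shape, the allowlists, the Chrome preference key path `default_search_provider_data.template_url_data`, and the crash-bubble switch names are assumptions to adapt to your own EDR and Chrome build.

```python
"""Behavioral detection sketch for the FlutterShell tradecraft described above.

Added example, not LevelBlue's or the malware's code. Events are a constructed,
simplified shape (one dict per process, network or file event); map your EDR
telemetry onto it. All allowlists, paths and flag names below are assumptions.
"""
import json
from urllib.parse import urlparse

# Assumption: processes that may legitimately speak HTTPS or touch Chrome's profile.
BROWSER_PROCS = {"Google Chrome", "Google Chrome Helper", "Google Chrome Helper (Renderer)"}
# Assumption: egress domains treated as known-good for non-browser processes.
TRUSTED_EGRESS = {"apple.com", "icloud.com"}
# Assumption: parents that routinely spawn hardware-query tools or launch Chrome.
SYSTEM_PARENTS = {"launchd", "zsh", "bash", "Finder", "Dock"}
# Chrome profile directory suffix under the user's home (assumed default location).
CHROME_PROFILE_DIR = "/Library/Application Support/Google/Chrome/"
# Assumption: search providers a fleet considers legitimate, by hostname.
ALLOWED_SEARCH_HOSTS = {"www.google.com", "duckduckgo.com", "www.bing.com"}
# Assumption: Chromium switches that suppress the post-crash "restore pages" bubble.
CRASH_BUBBLE_SWITCHES = ("--disable-session-crashed-bubble", "--hide-crash-restore-bubble")
# Strings that appear in the usual macOS commands for the hardware UUID/serial.
HWID_MARKERS = ("IOPlatformUUID", "IOPlatformExpertDevice", "SPHardwareDataType")


def _in_domains(host: str, domains) -> bool:
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in domains)


def check_event(ev: dict) -> list:
    """Return detection findings for one telemetry event (empty when benign)."""
    findings, proc, parent = [], ev["proc"], ev.get("parent", "")
    if ev["type"] == "network":
        if ev.get("port") == 443 and proc not in BROWSER_PROCS \
                and not _in_domains(ev["dst"], TRUSTED_EGRESS):
            findings.append(f"non-browser HTTPS egress: {proc} -> {ev['dst']}")
    elif ev["type"] == "process":
        cmd = ev.get("cmdline", "")
        if any(m in cmd for m in HWID_MARKERS) and parent not in SYSTEM_PARENTS:
            findings.append(f"hardware-ID harvest spawned by {parent}: {cmd}")
        if "Google Chrome" in cmd and any(s in cmd for s in CRASH_BUBBLE_SWITCHES) \
                and parent not in SYSTEM_PARENTS:
            findings.append(f"Chrome relaunched with crash bubble suppressed by {parent}")
    elif ev["type"] == "file":
        if CHROME_PROFILE_DIR in ev["path"] and proc not in BROWSER_PROCS:
            findings.append(f"non-Chrome write to Chrome profile: {proc} -> {ev['path']}")
    return findings


def search_provider_findings(prefs_json: str) -> list:
    """Flag a Chrome default search provider whose host is not allowlisted."""
    tu = json.loads(prefs_json).get("default_search_provider_data", {}).get("template_url_data")
    if not tu:
        return []
    host = (urlparse(tu.get("url", "")).hostname or "").lower()
    if host in ALLOWED_SEARCH_HOSTS:
        return []
    return [f"default search provider points at {host!r} (keyword {tu.get('keyword')!r})"]


def scan(events, prefs_json: str) -> list:
    """Run every event rule plus the preference check and collect findings."""
    out = []
    for ev in events:
        out.extend(check_event(ev))
    out.extend(search_provider_findings(prefs_json))
    return out


# Constructed sample telemetry (hypothetical app name, reserved .example domains).
PROFILE = "/Users/alice" + CHROME_PROFILE_DIR + "Default/Preferences"
SAMPLE_EVENTS = [
    {"type": "network", "proc": "PDFCompressor", "dst": "cdn-updates.example", "port": 443},
    {"type": "network", "proc": "Google Chrome", "dst": "www.google.com", "port": 443},
    {"type": "process", "proc": "ioreg", "parent": "PDFCompressor",
     "cmdline": "ioreg -rd1 -c IOPlatformExpertDevice"},
    {"type": "process", "proc": "ioreg", "parent": "zsh",
     "cmdline": "ioreg -rd1 -c IOPlatformExpertDevice"},
    {"type": "file", "proc": "PDFCompressor", "path": PROFILE},
    {"type": "file", "proc": "Google Chrome", "path": PROFILE},
    {"type": "process", "proc": "Google Chrome", "parent": "PDFCompressor",
     "cmdline": "/Applications/Google Chrome.app/Contents/MacOS/Google Chrome "
                "--disable-session-crashed-bubble"},
]
# Constructed Preferences fragment after a hypothetical search-engine swap.
SAMPLE_PREFS = json.dumps({"default_search_provider_data": {"template_url_data": {
    "keyword": "srch-fast.example", "short_name": "Search",
    "url": "https://srch-fast.example/?q={searchTerms}"}}})

if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS, SAMPLE_PREFS):
        print("ALERT:", f)
```

The rules are deliberately parent- and process-centric rather than hash- or signer-centric, which is what lets them survive the certificate rotation and symbol obfuscation described for Generation 3; the cost is that the allowlists must be tuned per fleet (a developer running `ioreg` from a terminal is the benign case the `SYSTEM_PARENTS` set exists for).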

Synthesized by Vypr AI