Utopia Tech
Security · AI-assisted · 1 min read

FlutterShell Backdoor Spreads to macOS via Malicious Google and YouTube Ads

Cybersecurity researchers have identified a macOS malvertising campaign called Operation FlutterBridge that distributes the FlutterShell backdoor through malicious Google and YouTube advertisements. Palo Alto Networks Unit 42 reports that this represents an evolution of the JSCoreRunner (FileRipple) attack cluster previously documented in August 2025, indicating an ongoing and adapting threat campaign.


Utopia Tech

June 4, 2026 · 1 min read


Cybersecurity researchers have shed light on a macOS malvertising campaign codenamed Operation FlutterBridge that spreads a new backdoor called FlutterShell. According to Palo Alto Networks Unit 42, the campaign is said to be the next stage of a previously reported activity cluster dubbed JSCoreRunner (aka FileRipple) in late August 2025. The cybercrime group behind the two attack chains is

Originally published at thehackernews.com
