{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreihlg366bef5kxu2axrxjjyfxpga22aygte64q33eim36ets5cn2vm",
    "uri": "at://did:plc:ghkvexthfanuyq7fb5veq6tw/app.bsky.feed.post/3mnhtzv57dwe2"
  },
  "coverImage": {
    "$type": "blob",
    "ref": {
      "$link": "bafkreierz2jjjijykmw3ncvlbzs2ydkgvirsmeq5uj6x3pzk3c3tzcpuei"
    },
    "mimeType": "image/jpeg",
    "size": 344030
  },
  "path": "/2026/06/fluttershell-backdoor-spreads-to-macos.html",
  "publishedAt": "2026-06-04T11:19:53.000Z",
  "site": "https://thehackernews.com",
  "textContent": "Cybersecurity researchers have shed light on a macOS malvertising campaign codenamed Operation FlutterBridge that spreads a new backdoor called FlutterShell.\n\nAccording to Palo Alto Networks Unit 42, the campaign is said to be the next stage of a previously reported activity cluster dubbed JSCoreRunner (aka FileRipple) in late August 2025. The cybercrime group behind the two attack chains is",
  "title": "FlutterShell Backdoor Spreads to macOS via Malicious Google and YouTube Ads"
}