{
"$type": "site.standard.document",
"bskyPostRef": {
"cid": "bafyreihlg366bef5kxu2axrxjjyfxpga22aygte64q33eim36ets5cn2vm",
"uri": "at://did:plc:ghkvexthfanuyq7fb5veq6tw/app.bsky.feed.post/3mnhtzv57dwe2"
},
"coverImage": {
"$type": "blob",
"ref": {
"$link": "bafkreierz2jjjijykmw3ncvlbzs2ydkgvirsmeq5uj6x3pzk3c3tzcpuei"
},
"mimeType": "image/jpeg",
"size": 344030
},
"path": "/2026/06/fluttershell-backdoor-spreads-to-macos.html",
"publishedAt": "2026-06-04T11:19:53.000Z",
"site": "https://thehackernews.com",
"textContent": "Cybersecurity researchers have shed light on a macOS malvertising campaign codenamed Operation FlutterBridge that spreads a new backdoor called FlutterShell.\n\nAccording to Palo Alto Networks Unit 42, the campaign is said to be the next stage of a previously reported activity cluster dubbed JSCoreRunner (aka FileRipple) in late August 2025. The cybercrime group behind the two attack chains is",
"title": "FlutterShell Backdoor Spreads to macOS via Malicious Google and YouTube Ads"
}