TECH NEWS

Operation FlutterBridge Uses Fake Google Ads to Spread macOS Backdoor

https://hackread.com/wp-content/uploads/2026/06/op-flutterbridge-fake-google-ads-spread-macos-backdoor-1024x576.jpg

Cybersecurity researchers at Palo Alto Networks’ research division, Unit 42, have reported a large-scale malvertising scam running since late 2025. In this scam, called Operation FlutterBridge, cybercriminals are using fake Google search ads to lure Mac owners into downloading malware.

According to Unit 42’s investigation, hackers first set up fake companies to buy verified Google ads and use them to evade safety checks. When users search for tools, these ads pop up and download apps that look like podcast players or PDF viewers but carry a malicious program named FlutterShell.

Timeline and Versions

Behind this campaign is a cybercrime network called CL-CRI-1089, which research reveals has been active since at least 2023. This group previously used malvertising to target Windows users with fake programs called RecipeLister and Calendaromatic.

However, from August 2025, the network shifted to Apple systems with a campaign known as JSCoreRunner, also called FileRipple. By late 2025,...

Copyright of this story solely belongs to hackread.com. To see the full text click HERE

Read more