FlutterShell Backdoor Spreads to macOS via Malicious Google and YouTube Ads
Jun 04, 2026
Malvertising / Browser Security
Cybersecurity researchers have shed light on a macOS malvertising campaign codenamed Operation FlutterBridge that spreads a new backdoor called FlutterShell. According to Palo Alto Networks Unit 42, the campaign is said to be the next stage of a previously reported activity cluster dubbed JSCoreRunner (aka FileRipple) in late August 2025. The cybercrime group behind the two attack chains is being tracked under the moniker CL-CRI-1089. The attackers are assessed to have been active since at least 2023. "Built using the Flutter framework, FlutterShell infects targets with adware via malicious desktop applications," Unit 42 said. "In addition to its adware functionality, the payload possesses backdoor capabilities, including shell command execution and file system manipulation." Operations attributed to CL-CRI-1089 also include Recipe Lister and Calendaromatic, both of which fall under a broader designation known as TamperedChef (aka EvilAI), an ongoing series ...