A macOS backdoor called FlutterShell is being distributed via malicious online advertisements, targeting macOS users broadly. The malware uses the Flutter framework as a code obfuscation layer to evade static analysis. Its command-and-control infrastructure, persistence mechanisms, and full capability set are not confirmed from the available source data; IOCs have not been publicly released by authoritative sources at the time of publication.