A new loader called OXLOADER is being distributed via malvertising on Google. It installs the infostealer CastleStealer, uses sophisticated obfuscation techniques, and has very low detection rates.
A group active since 2023 distributes the macOS backdoor FlutterShell through Google-verified shell companies. The backdoor is signed with valid Apple IDs and can be remotely controlled in real time.