Operation FlutterBridge is a widespread macOS malvertising campaign operated by the CL-CRI-1089 threat cluster, delivering a novel Flutter-based backdoor dubbed FlutterShell. The malware utilizes a dynamic WebView-based JavaScript-to-native bridge to execute arbitrary commands, hijack Google Chrome for adware revenue, and exfiltrate data, all while masquerading as legitimate, Apple-notarized applications.