New GIMMICK Malware Targets MacOS Users

Apr 9, 2022 | Blog

If you follow the global threat landscape closely, then you may already be aware of a notorious Chinese hacking collective known as “Storm Cloud.” What few people know is that this group seems to be the driving force behind a new variant of malware that researchers have recently spotted in the wild.

Dubbed “GIMMICK” by the researchers at Volexity who first discovered it, the malicious code seems to be a custom tool designed and built by Storm Cloud specifically to target Mac users.

Once GIMMICK has found its way onto a target system, it quietly installs a trio of malware components called DriveManager, FileManager, and GCDTimerManager.

The DriveManager component gives the malware the following capabilities:

  • Manage the Google Drive and proxy sessions.
  • Maintain a local map of the Google Drive directory hierarchy in memory.
  • Manage locks for synchronizing tasks on the Google Drive session.
  • Handle download and upload tasks to and from the Google Drive session.

FileManager, as the name indicates, manages the local directory where particulars relating to the command-and-control server are stored, along with the command tasks necessary for file exfiltration.

Finally, the GCDTimerManager manages the various Grand Central Dispatch (GCD) objects.

The researchers at Volexity had this to say about the malware in their recently published report:

“Due to the asynchronous nature of the malware operation, command execution requires a staged approach. Though the individual steps occur asynchronously, every command follows the same.”

The bottom line is that this is a complex, robust malware strain. The good news is that the fine folks at Apple have found ways to guard against this latest threat. The company has rolled out new protections to all supported macOS versions with new signatures for XProtect and MRT.

The new signatures, which have been available since March 17, 2022, should protect users against GIMMICK. So if it’s been a while since you updated your OS, now is the time to do so. Kudos to Apple for their rapid response here and to the sharp-eyed researchers at Volexity for spotting the new threat.
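Checking that a Mac actually carries current XProtect and MRT signature bundles is the practical follow-up to the advice above. The Python script below is an added example, not code from the original post, from Volexity or from Apple. It reads the CFBundleShortVersionString from each bundle's Info.plist (the bundle paths are assumed to be those used on current macOS releases) and compares it against a minimum version the operator supplies, since the post does not state which signature version covers GIMMICK. The embedded sample plist is constructed so the parsing logic can be exercised on a non-Mac host.

```python
"""Report installed XProtect and MRT signature bundle versions on macOS."""
import plistlib
from pathlib import Path
from typing import Dict, Optional, Tuple

# Assumed bundle locations on current macOS releases (Catalina and later).
BUNDLE_PLISTS: Dict[str, str] = {
    "XProtect": "/Library/Apple/System/Library/CoreServices/XProtect.bundle/Contents/Info.plist",
    "MRT": "/Library/Apple/System/Library/CoreServices/MRT.app/Contents/Info.plist",
}

# Constructed sample Info.plist (XML form) for offline runs; the version
# string is made up and does not correspond to any real Apple release.
SAMPLE_XPROTECT_PLIST: bytes = plistlib.dumps(
    {"CFBundleIdentifier": "com.example.sample", "CFBundleShortVersionString": "2162"}
)


def parse_bundle_version(plist_bytes: bytes) -> Optional[str]:
    """Return CFBundleShortVersionString from Info.plist bytes (XML or binary), else None."""
    try:
        info = plistlib.loads(plist_bytes)
    except Exception:  # plistlib raises InvalidFileException or an XML parse error
        return None
    version = info.get("CFBundleShortVersionString") if isinstance(info, dict) else None
    return version if isinstance(version, str) else None


def read_bundle_version(path: str) -> Optional[str]:
    """Read a bundle's Info.plist from disk; None if the bundle is absent."""
    p = Path(path)
    if not p.is_file():
        return None
    return parse_bundle_version(p.read_bytes())


def version_tuple(version: str) -> Tuple[int, ...]:
    """Turn '1.87' or '2162' into a comparable tuple; non-numeric pieces count as 0."""
    return tuple(int(piece) if piece.isdigit() else 0 for piece in version.split("."))


def is_at_least(installed: str, required: str) -> bool:
    """True when the installed version meets or exceeds the required one."""
    return version_tuple(installed) >= version_tuple(required)


def check_protections(
    minimums: Dict[str, str], plists: Dict[str, str] = BUNDLE_PLISTS
) -> Dict[str, Tuple[Optional[str], bool]]:
    """For each bundle return (installed_version, meets_minimum).

    A missing bundle reports (None, False) so it shows up as a failure
    rather than being silently skipped.
    """
    results: Dict[str, Tuple[Optional[str], bool]] = {}
    for name, minimum in minimums.items():
        installed = read_bundle_version(plists.get(name, ""))
        ok = installed is not None and is_at_least(installed, minimum)
        results[name] = (installed, ok)
    return results


if __name__ == "__main__":
    # Placeholder minimums: replace with the versions your organisation requires.
    REQUIRED = {"XProtect": "0", "MRT": "0"}
    for bundle, (installed, ok) in check_protections(REQUIRED).items():
        status = "OK" if ok else "CHECK"
        print(f"{bundle:8s} installed={installed or 'not found':12s} {status}")
```

Run it directly on the Mac being audited; a `not found` result usually means the script is running on a non-Mac host or an older macOS layout where the bundles live under /System/Library/CoreServices instead.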
