Security researchers have discovered a new custom macOS malware dubbed Gimmick, which they believe was created by a Chinese espionage group to carry out attacks in Asia.
MacBook Air
The macOS malware variant was discovered by incident responders at security firm Volexity in the memory of a MacBook Pro running a version of macOS Big Sur 11.6. According to the team, the machine was compromised in a 2021 cyber-espionage attack.
Gimmick itself is said to be a multi-platform malware that's written in Objective C on macOS and heavily abuses Google Drive services. When installed on a compromised machine, it embeds itself as a binary file that mimics a heavily used app on a Mac.
After initializing, the team found that the malware loads additional components that can remotely manage a Google Drive session. By using Google Drive as a command-and-control platform, the malware can go undetected by network monitoring solutions.
Once on a machine, attackers can carry out a variety of other tasks using the malware, including uploading files from the machine to command-and-control infrastructure, downloading additional malicious files to the machine, and gaining a shell that allows it to execute commands.
According to Volexity, the sophistication of Gimmick underlines how advanced and versatile the Storm Cloud threat actor is. However, it's possible that the threat actor bought the malware from a third-party developer.
How to protect yourself
Volexity notes that Storm Cloud is mostly known for targeting users in Asia as part of its cyber-espionage campaign.
Additionally, Apple has issued security patches that are able to block and remove the malware.
Because of that, it's recommended that users download and install the latest macOS Monterey update as soon as possible.