GIMMICK Malware Infiltrates macOS Systems
macOS systems are once again the target of a sophisticated malware campaign, this time attributed to a Chinese adversary tracked under the alias Storm Cloud. The attack relies on a previously undetected malware family tracked as GIMMICK. GIMMICK is designed to operate stealthily: it keeps most of its working data in the system's memory, minimizing the traces left on disk. This level of sophistication suggests it was not built for mass distribution. Advanced Persistent Threat (APT) actors like Storm Cloud typically reserve custom malware for selected targets, executing a swift operation and then deleting the traces of their activity.
Although the sample was recovered from a macOS system, researchers report that a Windows variant likely exists as well. The threat relies on legitimate cloud services to fetch its configuration and to exfiltrate data; Google Drive, in particular, is a service GIMMICK uses regularly. Because its command-and-control traffic blends into ordinary Google Drive API traffic, defenders cannot rely on simple domain blocklists and instead need to look at which processes on a host are contacting those services. The malware is modular, with three primary modules that let it execute remote commands, download files to the infected device, upload files from the infected device, and more. Keeping macOS up to date remains a baseline defense; Apple rolled out important security updates in mid-March. Note, however, that the initial infection vector has not been described, so patching should be treated as a baseline measure rather than a guarantee against this threat. We also advise readers to strengthen their Mac's security further by running reputable security tooling at all times.
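The point about legitimate services above (command-and-control and exfiltration riding on Google Drive) is the detection angle a defender can act on: rather than blocking Google domains, flag processes that are not expected to talk to the Drive API at all, and escalate when the outbound volume looks like an upload. The script below is an added example written for this article; it is not code from the original report or from any of the researchers, and it does not reproduce GIMMICK itself. The log format, the endpoint allowlist, the hostnames in DRIVE_API_HOSTS, the process name "syncd" and the 1 MiB upload threshold are all assumptions constructed for the example.

```python
"""Flag processes contacting Google Drive API endpoints that are not on an
allowlist, over a constructed per-process egress log (added example)."""
import re
from dataclasses import dataclass, field

# Assumed Drive API endpoints a client would contact (token exchange, then REST calls).
DRIVE_API_HOSTS = {"www.googleapis.com", "drive.googleapis.com", "oauth2.googleapis.com"}
# Hypothetical allowlist: processes expected to reach Google APIs on a managed Mac.
ALLOWED_PROCS = {"Google Chrome", "Safari", "Google Drive", "firefox"}
# Outbound bytes to a Drive endpoint above which we treat the activity as an upload.
UPLOAD_THRESHOLD = 1 << 20  # 1 MiB (assumption for this example)

# Constructed log line format; a real sensor (EDR, proxy, or firewall) will differ.
LOG_RE = re.compile(
    r'^(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) proc="(?P<proc>[^"]+)" '
    r'pid=(?P<pid>\d+) dst=(?P<dst>[^:]+):(?P<port>\d+) sni="(?P<sni>[^"]*)" '
    r'bytes_out=(?P<out>\d+)$'
)

# Constructed sample log: "syncd" is a made-up unallowlisted process, not a real indicator.
SAMPLE_LOG = """
2022-03-22T09:14:02Z host=mac-01 user=alice proc="Google Chrome" pid=412 dst=142.250.72.10:443 sni="www.googleapis.com" bytes_out=2048
2022-03-22T09:15:30Z host=mac-01 user=alice proc="syncd" pid=9981 dst=142.250.72.10:443 sni="oauth2.googleapis.com" bytes_out=512
2022-03-22T09:15:31Z host=mac-01 user=alice proc="syncd" pid=9981 dst=142.250.72.10:443 sni="www.googleapis.com" bytes_out=734
this line is deliberately malformed and must be skipped
2022-03-22T09:31:02Z host=mac-01 user=alice proc="syncd" pid=9981 dst=142.250.72.10:443 sni="www.googleapis.com" bytes_out=5242880
2022-03-22T09:40:12Z host=mac-01 user=alice proc="Safari" pid=500 dst=17.253.144.10:443 sni="www.apple.com" bytes_out=900
""".strip().splitlines()


@dataclass
class Finding:
    host: str
    proc: str
    pid: int
    events: int = 0
    bytes_out: int = 0
    first_seen: str = ""
    last_seen: str = ""
    api_hosts: set = field(default_factory=set)

    @property
    def severity(self) -> str:
        # Any unallowlisted process is suspicious; upload-sized volume is worse.
        return "high" if self.bytes_out >= UPLOAD_THRESHOLD else "medium"


def parse_line(line: str):
    """Return the parsed fields as a dict, or None for lines that do not match."""
    m = LOG_RE.match(line.strip())
    if m is None:
        return None
    ev = m.groupdict()
    ev["pid"] = int(ev["pid"])
    ev["out"] = int(ev["out"])
    return ev


def analyze(lines, allowlist=ALLOWED_PROCS, api_hosts=DRIVE_API_HOSTS):
    """Group Drive API contacts by (host, proc, pid) for processes not on the allowlist."""
    findings: dict = {}
    for line in lines:
        ev = parse_line(line)
        if ev is None or ev["sni"] not in api_hosts or ev["proc"] in allowlist:
            continue
        key = (ev["host"], ev["proc"], ev["pid"])
        f = findings.get(key)
        if f is None:
            f = findings[key] = Finding(ev["host"], ev["proc"], ev["pid"], first_seen=ev["ts"])
        f.events += 1
        f.bytes_out += ev["out"]
        f.last_seen = ev["ts"]
        f.api_hosts.add(ev["sni"])
    # Largest outbound volume first, so likely exfiltration sorts to the top.
    return sorted(findings.values(), key=lambda f: -f.bytes_out)


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"[{f.severity}] {f.host} {f.proc}(pid {f.pid}): {f.events} events, "
              f"{f.bytes_out} bytes out to {sorted(f.api_hosts)} between {f.first_seen} and {f.last_seen}")
```

On the constructed sample the browser traffic is ignored and the unallowlisted process is reported once, with the token-endpoint contact followed by a multi-megabyte upload rolled into a single high-severity finding. The allowlist is the part that needs tuning per environment: the check is only as good as your inventory of which processes legitimately use Google APIs, and an implant that injects into an allowlisted process would pass it.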