Technology Tips

April 09, 2022

New GIMMICK Malware Targets MacOS Users

Written By Securafy Team

If you follow the global threat landscape closely, then you may already be aware of a notorious Chinese hacking collective known as "Storm Cloud." What few people know is that this group seems to be the driving force behind a new variant of malware that researchers have recently spotted in the wild.

Dubbed "GIMMICK" by the researchers at Volexity who first discovered it, the malicious code seems to be a custom tool designed and built by Storm Cloud specifically to target Mac users.

Once GIMMICK has found its way onto a target system, it quietly installs a trio of malware components called DriveManager, FileManager, and GCDTimerManager.

The DriveManager component gives the malware the following capabilities:

  • Manage the Google Drive and proxy sessions.
  • Maintain a local map of the Google Drive directory hierarchy in memory.
  • Manage locks for synchronizing tasks on the Google Drive session.
  • Handle download and upload tasks to and from the Google Drive session.

FileManager as the name indicates, manages the local directory where particulars relating to the command-and-control server are stored, along with the command tasks necessary for file exfiltration.

Finally, the GCDTimerManager handles the management of the various GCD objects.

The researchers at Volexity had this to say about the malware in their recently published report:

"Due to the asynchronous nature of the malware operation, command execution requires a staged approach. Though the individual steps occur asynchronously, every command follows the same."

The bottom line is that this is a complex, robust malware strain. The good news is that the fine folks at Apple have found ways to guard against this latest threat.  The company has rolled out new protections to all supported macOS versions with new signatures for XProtect and MRT.

The new signatures that have been available since March 17, 2022 should protect users against GIMMICK. So if it's been a while since you updated your OS, now is the time to do so.  Kudos to Apple for their rapid response here and to the sharp-eyed researchers at Volexity for spotting the new threat.

Picture of Securafy Team
About The Author
Our team at Securafy brings you the best tech tips, from how-to guides and troubleshooting advice to software reviews and productivity hacks. We're all about empowering businesses with the tools and knowledge they need to thrive in the digital world. Follow our posts to stay equipped with practical insights that make tech work for you.

Join the Conversation

Subscribe to our newsletter

Sign up for our FREE "Cyber Security Tip of the Week!" and always stay one step ahead of hackers and cyber-attacks.