Dubbed "GIMMICK" by the researchers at Volexity who first discovered it, the malicious code seems to be a custom tool designed and built by Storm Cloud specifically to target Mac users.
Once GIMMICK has found its way onto a target system, it quietly installs a trio of malware components called DriveManager, FileManager, and GCDTimerManager.
The DriveManager component gives the malware the following capabilities:
FileManager as the name indicates, manages the local directory where particulars relating to the command-and-control server are stored, along with the command tasks necessary for file exfiltration.
Finally, the GCDTimerManager handles the management of the various GCD objects.
The researchers at Volexity had this to say about the malware in their recently published report:
"Due to the asynchronous nature of the malware operation, command execution requires a staged approach. Though the individual steps occur asynchronously, every command follows the same."
The bottom line is that this is a complex, robust malware strain. The good news is that the fine folks at Apple have found ways to guard against this latest threat. The company has rolled out new protections to all supported macOS versions with new signatures for XProtect and MRT.
The new signatures that have been available since March 17, 2022 should protect users against GIMMICK. So if it's been a while since you updated your OS, now is the time to do so. Kudos to Apple for their rapid response here and to the sharp-eyed researchers at Volexity for spotting the new threat.