Sophisticated gimmick malware, designed specifically for macOS, has been discovered

The macOS malware variant was discovered by incident responders at security firm Volexity in the memory of a MacBook Pro running a version of macOS Big Sur 11.6. According to the team, the machine was compromised in a 2021 cyber-espionage attack. Gimmick itself is said to be multi-platform malware that is written in Objective-C on macOS and heavily abuses Google Drive services. When installed on a compromised machine, it embeds itself as a binary file that mimics a heavily used app on a Mac.

Gimmick, a new custom macOS virus uncovered by security experts, is thought to have been built by a Chinese espionage cell to carry out assaults across Asia.


According to Volexity, the sophistication of Gimmick underlines how advanced and versatile the Storm Cloud threat actor is. However, it’s possible that the threat actor bought the malware from a third-party developer. Volexity notes that Storm Cloud is mostly known for targeting users in Asia as part of its cyber-espionage campaign. Additionally, Apple has issued security patches that are able to block and remove the malware. Because of that, it’s recommended that users download and install the latest macOS Monterey update as soon as possible.

The team found that, after initializing, the malware loads additional components that can remotely manage a Google Drive session. By using Google Drive as a command-and-control platform, the malware can go undetected by network monitoring solutions. Once the malware is on a machine, attackers can use it to carry out a variety of other tasks, including uploading files from the machine to command-and-control infrastructure, downloading additional malicious files to the machine, and gaining a shell that allows them to execute commands.
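Because Drive-based command and control blends into permitted traffic at the network layer, detection has to tie each connection to the process that made it. The following is an added example, not code from Volexity or from the original article: it flags processes that reach Google Drive hosts from outside expected install locations. The JSON log format, the host list, the allowlist, and every path in the sample data are assumptions constructed for illustration.

```python
import json
import posixpath

# Assumption: hosts that carry Google Drive traffic; extend for your environment.
DRIVE_HOSTS = {"www.googleapis.com", "drive.google.com"}

# Assumption: install locations expected to talk to Drive on managed Macs.
EXPECTED_PREFIXES = (
    "/Applications/Google Drive.app/",
    "/Applications/Google Chrome.app/",
    "/Applications/Safari.app/",
)

# Constructed sample telemetry, one JSON object per line (hypothetical format).
SAMPLE_EVENTS = """\
{"proc": "/Applications/Google Chrome.app/Contents/MacOS/Google Chrome", "host": "drive.google.com", "bytes_out": 1200}
{"proc": "/Users/alice/Library/Application Support/Example/Safari", "host": "www.googleapis.com", "bytes_out": 48000}
{"proc": "/Users/alice/Library/Application Support/Example/Safari", "host": "WWW.GOOGLEAPIS.COM", "bytes_out": 52000}
{"proc": "/Applications/Safari.app/Contents/MacOS/Safari", "host": "example.com", "bytes_out": 900}
not-json: truncated record
{"proc": "/Applications/Google Drive.app/Contents/MacOS/Google Drive", "host": "www.googleapis.com", "bytes_out": 7000}
"""


def unexpected_drive_clients(log_text):
    """Summarise processes that reached a Drive host from an unexpected path."""
    findings = {}
    for line in log_text.splitlines():
        try:
            event = json.loads(line)
            proc = posixpath.normpath(event["proc"])
            host = event["host"].lower().rstrip(".")
            sent = int(event.get("bytes_out", 0))
        except (ValueError, KeyError, TypeError, AttributeError):
            continue  # skip malformed or incomplete records
        if host not in DRIVE_HOSTS:
            continue
        # Match on the full path: a look-alike binary name passes a basename check.
        if proc.startswith(EXPECTED_PREFIXES):
            continue
        entry = findings.setdefault(proc, {"connections": 0, "bytes_out": 0})
        entry["connections"] += 1
        entry["bytes_out"] += sent
    return findings


if __name__ == "__main__":
    for path, stats in unexpected_drive_clients(SAMPLE_EVENTS).items():
        print(path, stats)
```

Matching on the normalized full path rather than the process name matters here because the article notes that the implant's binary mimics a heavily used app.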