Custom macOS malware of Chinese hackers 'Storm Cloud' exposed (Security News, March 2022)
Researchers have discovered a previously unknown macOS malware variant called GIMMICK, which is believed to be a custom tool used by a Chinese espionage threat actor known as 'Storm Cloud'.
The malware was discovered by researchers at Volexity, who retrieved it from the RAM of a MacBook Pro running macOS 11.6, which was compromised in a late 2021 cyberespionage campaign.
The exposure of custom malware used by sophisticated threat actors isn't common, but sometimes even the most advanced attackers slip up and leave behind malware that can then be dissected by security researchers, as is the case with GIMMICK.
Dissecting the GIMMICK malware
Volexity notes that the possibility of Storm Cloud buying the malware from a third-party developer and using it exclusively shouldn't be ruled out.
Protect against GIMMICK
Apple has also rolled out new protections to all supported macOS versions in the form of new signatures for XProtect and MRT (Malware Removal Tool), which have been able to block and remove the malware since March 17, 2022.