Custom macOS malware of Chinese hackers ‘Storm Cloud’ exposed
Researchers have discovered a previously unknown macOS malware variant called GIMMICK, which is believed to be a custom tool used by a Chinese espionage threat actor known as 'Storm Cloud'.
The malware was discovered by researchers at Volexity, who retrieved it from the RAM of a MacBook Pro running macOS 11.6, which was compromised in a late 2021 cyberespionage campaign.
The exposure of custom malware used by sophisticated threat actors isn't common.
Sometimes even the most advanced cybercriminals slip up and leave behind malware that can then be dissected by security researchers, as is the case with GIMMICK.
Dissecting the GIMMICK malware
Volexity notes that the possibility of Storm Cloud buying the malware from a third-party developer and using it exclusively shouldn't be ruled out.
Protect against GIMMICK
Apple has rolled out new protections to all supported macOS versions in the form of new XProtect and MRT signatures, which should block and remove the malware as of March 17, 2022.