Custom macOS malware of Chinese hackers 'Storm Cloud' exposed

Researchers have discovered a previously unknown macOS malware variant called GIMMICK, which is believed to be a custom tool used by a Chinese espionage threat actor known as 'Storm Cloud'.
The malware was discovered by researchers at Volexity, who retrieved it from the RAM of a MacBook Pro running macOS 11.6, which was compromised in a late 2021 cyberespionage campaign.
The exposure of custom malware used by sophisticated threat actors isn't common. Sometimes even the most advanced cybercriminals slip up and leave behind malware that can then be dissected by security researchers, as is the case with GIMMICK.

Dissecting the GIMMICK malware
Volexity notes that the possibility of Storm Cloud buying the malware from a third-party developer and using it exclusively shouldn't be ruled out.
Protect against GIMMICK

Apple has also rolled out new protections to all supported macOS versions with new signatures for XProtect and MRT, which should be able to block and remove the malware since March 17, 2022.