Security News > 2022 > March > New Variant of Chinese Gimmick Malware Targeting macOS Users
Researchers have disclosed details of a newly discovered macOS variant of a malware implant developed by a Chinese espionage threat actor known to strike attack organizations across Asia.
Attributing the attacks to a group tracked as Storm Cloud, cybersecurity firm Volexity characterized the new malware, dubbed Gimmick, a "Feature-rich, multi-platform malware family that uses public cloud hosting services for command-and-control channels."
NET and Delphi, the macOS version is written in Objective C. The choice of the programming languages aside, the two versions of the malware are known to share the same C2 infrastructure and behavioral patterns.
The malware is configured to communicate with its Google Drive-based C2 server only on working days in order to further blend in with the network traffic in the target environment.
To protect users against malware, Apple has issued new signatures to its built-in anti-malware protection suite known as XProtect as of March 17, 2022 to block and remove the infections via its Malware Removal Tool.
"The work involved in porting this malware and adapting its systems to a new operating system is no light undertaking and suggests the threat actor behind it is well resourced, adept, and versatile," the researchers said.
News URL
https://thehackernews.com/2022/03/new-variant-of-chinese-gimmick-malware.html
Related news
- North Korean Hackers Target Crypto Firms with Hidden Risk Malware on macOS (source)
- North Korean hackers use new macOS malware against crypto firms (source)
- North Korean Hackers Target macOS Using Flutter-Embedded Malware (source)
- New RustyAttr Malware Targets macOS Through Extended Attribute Abuse (source)
- Chinese hackers target Linux with new WolfsBane malware (source)
- Chinese Hackers Use GHOSTSPIDER Malware to Hack Telecoms Across 12+ Countries (source)
- Windows, macOS users targeted with crypto-and-info-stealing malware (source)