Affects: A new macOS malware variant was recently discovered by Volexity researchers, dubbed GIMMICK. The attack has been attributed to a Chinese espionage threat actor known as Storm Cloud, which targets organizations in Asia. Windows variants of this malware also exist and it appears the threat actors have been able to port their toolsets to be compatible with different operating systems.
Detected by: Jamf Protect analytics generate an alert for XProtect, blocking the execution of this malware, as of 3/17/2022 (see additional details below).
Prevented by: Jamf Protect threat prevention blocks the execution of this malware as of 3/22/2022. Apple’s XProtect has recently Apple’s XProtect has recently added a new rule to version 2158 titled MACOS.efb903b. This new rule prevents variants of the GIMMICK malware.
Leverages cloud hosting platforms such as Google Drive for command-and-control.
IOCs (as published by Volexity)
There are no strings on me - and there shouldn't be any on your Mac either!
Trust Jamf Protect to keep your Mac fleet and sensitive data secured against existing and emerging threats.
Have market trends, Apple updates and Jamf news delivered directly to your inbox.