Skip to main content
  1. Home
  2. Blog
  3. Jamf protects against Gimmick malware from pulling the strings on macOS
Jamf Blog
March 25, 2022 by Jamf Threat Labs

Jamf protects against Gimmick malware from pulling the strings on macOS

Security, Jamf Threat Labs

Volexity researchers recently documented a new piece of malware, by a threat actor named Storm Cloud, that threatens to not only spy on Mac but use command & control (C2) protocols to manipulate your endpoints while operating from commercial, cloud-based services.

Threat: GIMMICK

Affects: A new macOS malware variant was recently discovered by Volexity researchers, dubbed GIMMICK. The attack has been attributed to a Chinese espionage threat actor known as Storm Cloud, which targets organizations in Asia. Windows variants of this malware also exist and it appears the threat actors have been able to port their toolsets to be compatible with different operating systems.

Detected by: Jamf Protect analytics generate an alert for XProtect, blocking the execution of this malware, as of 3/17/2022 (see additional details below).

Prevented by: Jamf Protect threat prevention blocks the execution of this malware as of 3/22/2022. Apple’s XProtect has recently Apple’s XProtect has recently added a new rule to version 2158 titled MACOS.efb903b. This new rule prevents variants of the GIMMICK malware.

Malicious URLs:

Leverages cloud hosting platforms such as Google Drive for command-and-control.

IOCs (as published by Volexity)

There are no strings on me - and there shouldn't be any on your Mac either!

Trust Jamf Protect to keep your Mac fleet and sensitive data secured against existing and emerging threats.

Request Trial
Jamf Threat Labs
Jamf
Jamf Threat Labs is a global team of experienced threat researchers, cybersecurity experts and data scientists with skills that span penetration testing, network monitoring, malware research and app risk assessment. Jamf Threat Labs primarily monitors and explores emerging threats affecting Mac and mobile devices. The team’s research is published with the aim of raising awareness of specific threats while also improving awareness and advocacy of security practices to protect the modern workforce.
Previous Blog Post:
 Prev
 macOS endpoint malware protection with Jamf Fundamentals Blog Homepage
 Next Blog Post:
 Next
 Improving work-life balance through TRUCE’s contextual solutions
Related Resources
Blog

macOS Security Basics series: The One About Macs (Not) Getting Malware

Read More
Blog

Jamf Protect Series: macOS quietly keeps you secure

Read More
Video

Jamf Protect: Endpoint security for Mac

Read More
Browse Blog
by Category:
Jamf Pro (588) Enterprise (498) Jamf Nation User Conference (323) Security (320) K-12 Education (186) Healthcare (153) Jamf Protect (149) Jamf School (133)
Subscribe to the Jamf Blog

Have market trends, Apple updates and Jamf news delivered directly to your inbox.

To learn more about how we collect, use, disclose, transfer, and store your information, please visit our Privacy Policy.