This New Custom macOS Malware Takes Over Your Google Drive Account

Security researchers at Volexity have discovered previously unknown custom malware developed for macOS that, they report, is capable of taking control of a target's Google Drive account.

The malware was most likely developed by Storm Cloud, a Chinese cyber espionage threat actor that, judging by the malware's complexity, has considerable skills and resources.

After recovering it from a compromised MacBook Pro running macOS Big Sur, the researchers named the malware GIMMICK. It is described as cross-platform malware, written in Objective-C or in .NET and Delphi, depending on the operating system it targets.

Apple's solution

Once GIMMICK infects an endpoint, it establishes a session to Google Drive cloud storage using encrypted OAuth2 credentials. It then loads three separate malicious components: DriveManager, FileManager and GCDTimerManager.

These give the attackers the ability to manage Google Drive and proxy sessions, keep a local map of the Google Drive directory hierarchy in memory, manage locks for task synchronization within the Drive session, and handle download and upload tasks.

The commands GIMMICK supports, described in more detail in the report, include transmitting basic system information, uploading files to the command and control (C2) server, downloading files to the victim endpoint, executing a shell command and writing its output to the C2 server, and overwriting the client session information.

"Due to the asynchronous nature of the malware operation, command execution requires a gradual approach. While individual steps occur asynchronously, each command follows the same," Volexity explained.

To counter the malware, Apple has added new protections to every supported version of macOS, in the form of new signatures for the XProtect and MRT anti-malware components. All users are advised to visit the Apple support page and follow the instructions there.

Recovering the malware at all is a notable discovery, the publication asserts: in cyber espionage campaigns like this one, threat actors generally make sure to leave no trace of their presence and typically remove any code they used.

Via: BleepingComputer