06.07.2022 12:35 pm

Cross-platform malware “Gimmick” is also attacking Apple users

A group of Chinese cyber-criminals operating under the name “Storm Cloud” has threat analysts concerned by its extraordinary skills. This was the assessment of the American cyber security company Volexity, which was the first to discover the previously unknown malware developed by Storm Cloud and describes the operation as “highly developed with a lot of varied participants who are able to modify their tool set to the operating systems used by the relevant targets.”

The malware, named “Gimmick”, is a textbook example of this: although the Windows and Mac variants were written in different languages (Windows in .NET and Delphi, macOS in Objective-C), both versions use an identical command-and-control infrastructure for the communication between the infected devices and the attackers, and both show the same behavioural pattern:

After initialisation, Gimmick loads three malware components: a drive manager, a file manager and a GCD timer manager. The first intervenes deeply in the handling of Google Drive, while the other two components target the locally stored data.


Not good enough for Acronis Cyber Protect
It is by no means a matter of course that Gimmick could be discovered at all on a MacBook running macOS 11.6 (Big Sur), given the technological expertise of its creators and the refined operation of such “custom-made” malware. As a rule such an infection leaves behind only the most minimal traces, and may even delete the remaining malware fragments completely in order to evade IoC*-based detection and analysis.

Even highly developed malware such as Gimmick has natural enemies, however, that will defeat it. One such opponent is Acronis Cyber Protect. This globally unique solution for fully protecting digital life uses AI-based antivirus, anti-malware, anti-ransomware and anti-cryptojacking technologies that immediately detect and stop threats. For Gimmick the result was:




Apple advises the installation of system updates
Even if macOS users are protected from data corruption thanks to Acronis Cyber Protect, they should still follow Apple’s advice and install the latest system updates, which bring the most up-to-date detection signatures to their devices, and make sure that XProtect and MRT are enabled and actively running.
