“tools have Windows and Mac variants the attack has both macOS and Windows versions. On macOS, it starts with a convincing clone of the official Google Gemini CLI web page. This instructs the user to run an innocuous-looking command in their terminal. However, this command is en…”
T1587 Develop Capabilities
75%
“= ’geminicli’ to look like a legitimate software setup process, connects to a remote server and executes malicious code directly in the device’s memory. Running code in memory rather than writing it to disk - a fileless attack - evades traditional antivirus software that scan…”
T1195.001 Compromise Software Dependencies and Development Tools
74%
“= ’geminicli’ to look like a legitimate software setup process, connects to a remote server and executes malicious code directly in the device’s memory. Running code in memory rather than writing it to disk - a fileless attack - evades traditional antivirus software that scan…”
T1195.002 Compromise Software Supply Chain
65%
“Developers warned to avoid 'early-access' Google Gemini tools Developers warned to avoid 'early-access' Google Gemini tools Attackers are tempting would-be users into downloading reverse shell malware NordVPN has uncovered a series of active malicious campaigns imperson…”
T1204.005 Malicious Library
53%
“= ’geminicli’ to look like a legitimate software setup process, connects to a remote server and executes malicious code directly in the device’s memory. Running code in memory rather than writing it to disk - a fileless attack - evades traditional antivirus software that scan…”
T1072 Software Deployment Tools
44%
“Developers warned to avoid 'early-access' Google Gemini tools Developers warned to avoid 'early-access' Google Gemini tools Attackers are tempting would-be users into downloading reverse shell malware NordVPN has uncovered a series of active malicious campaigns imperson…”
T1218 System Binary Proxy Execution
31%
“tools have Windows and Mac variants the attack has both macOS and Windows versions. On macOS, it starts with a convincing clone of the official Google Gemini CLI web page. This instructs the user to run an innocuous-looking command in their terminal. However, this command is en…”
T1105 Ingress Tool Transfer
31%
“tools have Windows and Mac variants the attack has both macOS and Windows versions. On macOS, it starts with a convincing clone of the official Google Gemini CLI web page. This instructs the user to run an innocuous-looking command in their terminal. However, this command is en…”
Summary
Attackers are tempting would-be users into downloading reverse shell malware