macOS.Gaslight | Rust Backdoor Turns Prompt Injection on the Analyst, Not the Sandbox
Essential information
- Published
- 24/06/2026 05:38
- Modified
- —
- Source / Author
- AlienVault
- Confidence
- 100/100
- Report type(s)
- threat-report
- Labels / Tags
- airpipe bonzai browser data theft credential stealer dprk llm evasion macos macos.gaslight persistence prompt injection rust backdoor telegram c2
- Related entities
- 4 indicators, 1 intrusion sets (apt), 19 techniques (mitre), 3 malware
Description
A sophisticated Rust-based macOS implant named macOS.Gaslight has been discovered, featuring a novel 3.5 KB prompt-injection payload containing 38 fabricated system messages designed to disrupt LLM-assisted malware analysis. The backdoor communicates via Telegram Bot API with AES-GCM encrypted payloads over certificate-pinned TLS and includes self-redaction capabilities to hide its bot token from logs. It provides operators with an interactive shell, system information collection, and credential stealing capabilities through a bundled Python script that targets browser data, keychains, and command histories. The implant uses runtime-fetched CPython interpreters and establishes persistence through a LaunchAgent masquerading as an Apple system service. This threat is assessed with high confidence to be aligned with DPRK activity and represents a significant evolution in adversarial techniques targeting security analysts rather than sandbox environments.