216.73.217.139

macOS.Gaslight | Rust Backdoor Turns Prompt Injection on the Analyst, Not the Sandbox

· Published 24/06/2026 05:38

Export JSON

Essential information

Published
24/06/2026 05:38
Modified
Source / Author
AlienVault
Confidence
100/100
Report type(s)
threat-report
Labels / Tags
airpipe bonzai browser data theft credential stealer dprk llm evasion macos macos.gaslight persistence prompt injection rust backdoor telegram c2
Related entities
4 indicators, 1 intrusion sets (apt), 19 techniques (mitre), 3 malware

Description

A sophisticated Rust-based implant named .Gaslight has been discovered, featuring a novel 3.5 KB prompt-injection payload containing 38 fabricated system messages designed to disrupt LLM-assisted malware analysis. The backdoor communicates via Telegram Bot API with AES-GCM encrypted payloads over certificate-pinned TLS and includes self-redaction capabilities to hide its bot token from logs. It provides operators with an interactive shell, system information collection, and credential stealing capabilities through a bundled Python script that targets browser data, keychains, and command histories. The implant uses runtime-fetched CPython interpreters and establishes through a LaunchAgent masquerading as an Apple system service. This threat is assessed with high confidence to be aligned with activity and represents a significant evolution in adversarial techniques targeting security analysts rather than sandbox environments.

External references