macOS.Gaslight: North Korea-Linked Malware That Tries to Gaslight the Analyst
ID: 5f44005d-7b00-56af-bc11-5e5920ca7e0e
STIX ID: report--5f44005d-7b00-56af-bc11-5e5920ca7e0e
Feed Name: Security Affairs
**macOS.Gaslight** is a Rust-based macOS implant attributed to DPRK-aligned operators that embeds a multi-message prompt-injection payload to confuse LLM-assisted analysts; it communicates via Telegram Bot API with AES-GCM-encrypted messages and TLS certificate pinning, persists using a LaunchAgent, stages a self-contained Python environment to run a gated stealer that exfiltrates browsers, keychains and system data, and employs novel self-redaction to hide runtime bot credentials.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
