macOS Backdoor Uses Prompt Injection to Evade AI Triage
ID: 902c67aa-85f7-5583-8344-952bd10dad72
STIX ID: report--902c67aa-85f7-5583-8344-952bd10dad72
Feed Name: Infosecurity Magazine (News)
Threat Score
SentinelLabs uncovered macOS.Gaslight, a North Korea‑linked Rust backdoor and infostealer that harvests browser data, terminal histories, installed apps and the macOS login keychain. Uniquely, the sample embeds 38 fabricated Markdown-fenced system messages designed as a prompt injection to derail AI-assisted triage tools; it uses Telegram Bot API with certificate pinning for C2, can stage a Python interpreter at runtime, and scrubs its bot token to hinder detection.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
