macOS.Gaslight | Rust Backdoor Turns Prompt Injection on the Analyst, Not the Sandbox
SentinelLABS has analyzed macOS.Gaslight, a DPRK-linked macOS implant written in Rust that carries a novel anti-analysis technique: a 3.5 KB embedded prompt-injection payload made up of 38 fabricated 'system' messages designed to mislead LLM-assisted triage pipelines into aborting analysis. The injection is more elaborate than previously documented examples, using a 38-message harness-spoofing cascade rather than a single injected block.

Beyond this, the implant features a Telegram Bot API C2 with AES-GCM encryption and certificate pinning, a bot-token self-redaction mechanism, a Python-based credential stealer (harvesting browser data, keychains, and terminal history), LaunchAgent persistence masquerading as an Apple system service, and a runtime-fetched standalone CPython interpreter.

Defenders building LLM-assisted analysis pipelines are warned to treat sample contents as adversarial input: strings extracted from a file are data to be described, never instructions to be followed.
