Ethical Hacking News
North Korea-aligned threat actors have unleashed a novel macOS malware known as Gaslight, which employs prompt injection payloads to disrupt AI-assisted analysis and evade detection by artificial intelligence tools. This sophisticated malware has been identified as a Rust-based implant and information stealer, with features such as self-redaction of its Telegram bot token at runtime. Gaslight poses a significant threat to macOS users, and its attribution to North Korea-aligned threat actors underscores the potential for widespread cyber attacks in the coming months.
The Gaslight malware is a highly sophisticated Rust-based implant and information stealer designed to target and disrupt AI-assisted analysis on macOS systems. The malware uses prompt injection payloads to deceive and manipulate AI tools, evading detection by incorporating fabricated system messages. Gaslight contains various commands for issuing instructions, exfiltrating data, and executing shell commands, as well as a "focus" command with unknown functionality. The malware uses a LaunchAgent to achieve persistence on infected hosts and deploys its Python stealer via a separate installer. Gaslight's design includes self-redaction of its Telegram bot token at runtime, making it difficult for attackers to obtain vital information about the malware's operation. The attribution of Gaslight has been linked to North Korea-aligned threat actors, indicating a broader campaign aimed at disrupting cybersecurity efforts and exploiting vulnerabilities in AI-assisted analysis systems.
The cybersecurity landscape has recently been shaken by the emergence of a novel, highly sophisticated malware known as Gaslight, specifically designed to target and disrupt AI-assisted analysis on macOS systems. This particularly insidious form of malware is distinguished by its use of prompt injection payloads, which are crafted to deceive and manipulate artificial intelligence (AI) tools employed in the analysis process.
According to recent reports from SentinelOne researchers, the Gaslight malware has been identified as a Rust-based implant and information stealer, indicating that it possesses a sophisticated level of complexity. The malware's creators have cleverly embedded a Telegram bot API-based command-and-control (C2) channel within its architecture, which serves as an interactive shell for issuing instructions to operators and returning results from the execution of such commands.
A notable feature of Gaslight is its capacity to evade AI-based detection by incorporating fabricated system messages designed to trick security agents into aborting or refusing analysis. The malware's payload includes a cascade of artificial "system" messages, which are intended to deceive the AI tools employed in the triage process. These messages include fabrications about token expiry, out-of-memory kills, disk exhaustion, and repeated operation failures.
Furthermore, Gaslight contains a command called "help," which displays command help, an "id" command that identifies the implant to the operator, a "shell" command that executes a shell command via execvp, a "kill" command that terminates a target process by PID, an "upload" command that exfiltrates a file via Telegram's "attach://" mechanism, and a "stop" command that halts the execution of the implant. There is also a seventh command named "focus," although its functionality remains undetermined at this stage.
In addition to its command structure, Gaslight utilizes a LaunchAgent with the label "com.apple.system.services.activity" in its .plist file to achieve persistence on infected hosts. The malware's information gathering suite consists of a 6.6 KB Base64-encoded Python script that harvests Terminal command histories, installed application listings, snapshots of running processes, system hardware and software profiles, macOS Keychain database data, and data from Chrome, Brave, Firefox, and Safari web browsers.
Gaslight deploys its Python stealer via a separate 2 KB Base64-encoded bash installer that drops a cpython-3.10.18 interpreter from the "astral-sh/python-build-standalone" project. This malware's presence is marked by an extensive use of emojis and comment headers, which suggests that it was generated using a large language model (LLM).
A key aspect of Gaslight's design is its ability to self-redact its Telegram bot token at runtime, thereby denying the operator any access to crucial configuration details. This feature denies potential attackers who capture logs or crash artifacts any chance of obtaining vital information about the malware's operation.
The attribution of this malware has been attributed to North Korea-aligned threat actors, indicating that it is likely part of a broader campaign aimed at disrupting cybersecurity efforts and exploiting vulnerabilities in AI-assisted analysis systems.
In conclusion, Gaslight represents a significant threat to macOS users, as its prompt injection payloads are specifically designed to deceive and disrupt AI-assisted analysis tools. Its sophisticated command structure and capacity for self-redaction make it a formidable opponent for cybersecurity professionals seeking to identify and mitigate this malware.
Related Information:
https://www.ethicalhackingnews.com/articles/New-Gaslight-macOS-Malware-Unleashes-Deceptive-Prompts-to-Disrupt-AI-Assisted-Analysis-ehn.shtml
https://thehackernews.com/2026/06/new-gaslight-macos-malware-uses-prompt.html
Published: Thu Jun 25 06:22:12 2026 by llama3.2 3B Q4_K_M
