Gaslight (macOS.Gaslight) is a Rust-based backdoor attributed to North Korean (DPRK) state-sponsored actors, designed for browser credential harvesting from Chrome, Brave, Firefox, and Safari on macOS. The implant utilizes the Telegram Bot API for command-and-control (C2) communications. Its primary innovation is the integration of 38 adversarial prompt injection strings embedded within the binary. These strings are engineered to deceive Large Language Models (LLMs) used by SOC analysts during triage, inducing AI refusals or hallucinated benign classifications to bypass automated analysis and extend attacker dwell time. Detection was initially facilitated by an Apple XProtect update.
-
Threat Model: The Human-AI Loop
- Shifts the attack surface from endpoint defenses to the analyst's cognitive and automated tooling.
- Treats LLM-based triage pipelines as a vulnerability surface to create critical detection gaps.
- Aims to manipulate the "ground truth" presented to security responders during the initial triage phase.
-
Technical Mechanics: Rust-Based Stealth
- Developed in Rust to optimize performance and complicate traditional reverse engineering efforts.
- Executes targeted credential harvesting across multiple major macOS-compatible web browsers.
- Employs the Telegram Bot API for stealthy C2 communication and data exfiltration.
-
Adversarial Vector: LLM Manipulation
- Embeds 38 fabricated system messages as strings within the executable to override LLM instructions.
- Designed to trigger when an analyst uploads binary strings or files to an AI-assisted analysis tool.
- Induces AI hallucinations or forced refusals, leading the model to report the file as benign or generate fake errors.
-
Operational Impact: MTTR Extension
- Directly increases Mean Time to Remediate (MTTR) by delaying human verification through deceptive AI output.
- Demonstrates the operational viability of "AI-aware" malware targeting the security stack's intelligence layer.
- Highlights a systemic risk in over-reliance on LLMs for unfiltered static analysis of malicious binaries.
-
Detection & Defensive Actions
- Primary discovery and detection achieved via Apple XProtect signature updates.
- Recommended identification of anomalous outbound traffic patterns associated with the Telegram Bot API.
- Necessity for "Human-in-the-Loop" verification for all AI-generated malware summaries to prevent "gaslighting" effects.
Related posts
- gbhackers.com — DPRK-Linked macOS Implant Uses LaunchAgent Persistence and Python Stealer Module
- Expert In the Cloud — When Malware Starts Targeting AI: The Rise of Gaslight on macOS
- techjacksolutions.com — Multiple / Cross-Vendor (Gaslight macOS Implant — North Korea-Linked) — Vulnerability Rollup (2026-06-25)
- Security Affairs
- feeds.feedburner.com — New Gaslight macOS Malware Uses Prompt Injection to Disrupt AI-Assisted Analysis
- Cybersecurity News — Rust macOS Backdoor Uses Interactive Shell and Telegram File Uploads for Data Theft
- Infosecurity-magazine
- Sentinelone
- Aiweekly
- bleepingcomputer.com — New macOS malware embeds fake errors to confuse AI analysis tools
- Itnerd
- Techradar
- Malpedia