A novel Rust-based macOS implant, codenamed Gaslight, has been uncovered, distinguished by its unique prompt injection payload designed to mislead AI-powered malware analysis tools. Attributed with high confidence to North Korea-aligned threat actors, Gaslight seeks to disrupt analysis by embedding fabricated system-failure messages, causing AI triage agents to doubt their session and abort investigations, effectively "gaslighting" the analyst's tools rather than the sandbox environment.
The malware operates through a Telegram bot API-based command-and-control (C2) channel, providing an interactive shell with commands for executing system commands, terminating processes, and exfiltrating files. For persistence, Gaslight leverages a macOS LaunchAgent. It also includes a Base64-encoded Python script acting as an information stealer, capable of harvesting browser data, command histories, installed applications, running processes, and macOS Keychain database entries, which are then compressed and uploaded via Telegram.
Notably, Gaslight's operator configuration, including the Telegram bot token and chat ID, is supplied at runtime and self-redacted from logs, enhancing its operational security. The sophisticated AI evasion tactic, involving 38 fake system messages about token expiry, disk exhaustion, and static analysis flags, underscores a growing trend of adversaries targeting the LLM-assisted pipelines increasingly used in reverse engineering and security analysis.