Overview
- Researchers disclosed the sample in late June, reporting that the macOS implant codenamed Gaslight carries a 3.5 KB payload of 38 Markdown‑fenced fake “system” messages meant to confuse AI triage agents.
- The injected messages mimic developer logs, crash reports, token‑expiry warnings and other alerts designed to prompt an LLM to abort, truncate, or refuse analysis rather than to detect a sandbox.
- Behind the prompt payload, Gaslight is a Rust backdoor and infostealer that can harvest browser data, the macOS login keychain, terminal histories, installed‑app lists and system profiles via a staged Python stealer.
- Operators use Telegram’s Bot API for command and control in a polling loop with AES‑GCM encryption and certificate pinning, and the implant fetches a standalone Python interpreter at runtime while self‑redacting its bot token from logs.
- SentinelLabs links the sample with high confidence to North Korea‑aligned actors and advises defenders to treat sample contents as adversarial input, though researchers have not shown the injection reliably defeats AI analysis in practice.