securityonline.info 6/29/2026, 8:45:46 AM · external

macOS.Gaslight Rust backdoor steals data via Telegram bot

Primary Source sentinelone.com

The macOS.Gaslight malware, discovered by SentinelLABS, targets macOS users and is believed to be associated with North Korean threat actors. It employs a Rust backdoor to steal information, including browser data and passwords, while evading detection by traditional security tools. The exact delivery method is unknown, but the malware installs as a hidden Python stealer mimicking legitimate services and communicates with a Telegram bot for commands and data exfiltration.

Its unique feature is prompt injection targeting AI analysis tools, misleading them with fake error messages. Defense strategies include monitoring for unauthorized Python downloads and ensuring macOS protections are updated.


Article by CyberSIXT
