
MacOS.Gaslight prompt-injection technique aimed at AI-assisted triage

Technical Analysis
H score 23
1 unique source, 1 article

Summary


macOS.Gaslight now uses prompt injection to disrupt AI-assisted malware triage, increasing the chance that defender tooling aborts or misreads analysis. The Rust implant embeds 38 fabricated system messages inside a Markdown-fenced block that mimics triage scaffolding and feeds the model bogus error conditions. The sample still carries a backdoor/infostealer payload, but the adversarial text is the novel technique that targets analyst workflows.

Related Happenings

MacOS.Gaslight Rust infostealer-backdoor with Telegram Bot API channel

Malware Activity
H score 30 First: 24.06.2026 17:00 Last: 24.06.2026 17:00 Sources 1

How related: Behind the injection sat a full infostealer and backdoor. The researchers said the implant offered an operator an interactive shell and was built to grab browser data from Chrome, Brave, Firefox and Safari, terminal histories, installed-app lists and a copy of the macOS login keychain.

About this happening: Researchers identified **macOS.Gaslight**, a **North Korea-linked** **Rust** infostealer-backdoor that can steal **Chrome, Brave, Firefox and Safari** data, terminal histories, in...

MiniFast Windows DLL backdoor activity

Malware Activity
H score 28 First: 26.05.2026 12:10 Last: 26.05.2026 12:10 Sources 1

About this happening: The **MiniFast** backdoor adds a new **64-bit Windows DLL** implant to **Nimbus Manticore's** toolkit, increasing the group's ability to run commands, move files, and persist on c...

Fast16 Lua-based network worm

Malware Activity
H score 14 First: 27.04.2026 16:09 Last: 27.04.2026 16:09 Sources 1

About this happening: Researchers identified **fast16**, a previously undocumented **Lua-based network worm** that can silently corrupt high-precision calculations and threaten legacy scientific and en...

Fast16 analysis reveals a sabotage worm that corrupts high-precision computations

Technical Analysis
H score 22 First: 27.04.2026 16:09 Last: 27.04.2026 16:09 Sources 1

About this happening: Researchers identified **fast16**, a previously undocumented malware framework that can silently corrupt **high-precision computations**, exposing a sabotage method that can under...

Fast16 malware framework technical analysis of svcmgmt.exe and fast16.sys

Technical Analysis
H score 22 First: 27.04.2026 12:10 Last: 27.04.2026 12:10 Sources 1

About this happening: Researchers uncovered **Fast16**, a **2005-era** malware framework that shows how a **Lua-based** implant could sabotage software years before **Stuxnet**. The analysis matters be...

Timeline

  1. 24.06.2026 17:00 2 articles · 3h ago

    SentinelLabs identifies macOS.Gaslight prompt injection targeting AI-assisted triage

    Technical Analysis Update

    SentinelLabs identified a North Korea-linked macOS backdoor tracked as macOS.Gaslight that embeds 38 fabricated system messages inside a Markdown-fenced block to confuse AI-assisted triage and derail malware analysts' tools. The Rust implant also functions as an infostealer/backdoor, with an interactive shell, browser data collection from Chrome, Brave, Firefox and Safari, terminal history access, installed-app list collection, and a copy of the macOS login keychain, while its command channel uses Telegram's Bot API with encryption and certificate pinning.
