The binary tracked as macOS.Gaslight as a Rust-based macOS implant and infostealer whose most novel features are analyst-directed prompt injection and a hardened Telegram-based command-and-control (C2) channel. We assess with high confidence that macOS.Gaslight aligns with DPRK-linked macOS activity clustered around BONZAI and AIRPIPE signatures. macOS.Gaslight is ad hoc signed, carries the identifier endpoint-macos-aarch64-5555494492fc075f441637fb9d894913dde3a2ea, and […]
The post DPRK-Linked macOS Implant Uses LaunchAgent Persistence and Python Stealer Module appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
This article has been indexed from GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Read the original article: