North Korea-Linked macOS.Gaslight Malware Uses Rust and AI Deception Tactics

Researchers at SentinelLabs identified a Rust-based macOS implant named macOS.Gaslight, attributed to North Korea (DPRK), designed with a prompt injection payload to deceive AI-based malware analysts. The malware was first detected following an Apple XProtect update in early June 2024, referencing a VirusTotal sample uploaded on May 22, 2024, which initially evaded static detection engines. The implant leverages Rust for cross-platform compatibility and includes techniques to manipulate analysis tools. No specific CVE IDs or targeted sectors were disclosed in the report. The primary impact involves obfuscation tactics aimed at hindering automated and manual threat analysis.