Source URL: thehackernews.com/2026/06/n… The Hacker News reports on Gaslight, a newly documented Rust-based macOS implant and information stealer assessed with high confidence to be linked to North Korea-aligned threat actors. The malware uses Telegram-based command and control, supports interactive shell operations, file exfiltration and process control, and includes a Python-based information-gathering suite that harvests command history, application listings, process snapshots, system profile data, macOS Keychain material and browser data from Chrome, Brave, Firefox and Safari. Its most notable feature is an embedded prompt-injection payload designed to confuse or derail AI-assisted malware-analysis workflows, making it an early example of malware targeting not only endpoints but also the analyst tooling and AI triage layer.
New Gaslight macOS Malware Uses Prompt Injection to Disrupt AI-Assisted Analysis
Edward Kiledjian
@ekiledjian