macOS.Gaslight | Rust Backdoor Turns Prompt Injection on the Analyst, Not the Sandbox

SentinelLABS analyzed macOS.Gaslight, a Rust macOS implant tied to DPRK-aligned activity that combines Telegram-based command and control, AES-GCM encryption, certificate-pinned TLS, and a bundled Python stealer. The sample also includes a 3.5 KB prompt-injection payload with 38 fabricated system messages designed to derail LLM-assisted triage and hide its malicious behavior. #macOSGaslight #BONZAI #AIRPIPE #Telegram #AppleXProtect

Keypoints

  • macOS.Gaslight is a Rust-based macOS implant and infostealer assessed with high confidence to be part of DPRK-aligned activity.
  • Its command-and-control uses the Telegram Bot API polling loop, with multipart file upload used to return collected data.
  • The implant encrypts C2 traffic with AES-GCM and hardens transport with certificate pinning via SecTrustSetAnchorCertificatesOnly.
  • It provides the operator with an interactive shell, process-kill capability, file upload exfiltration, and a stop command.
  • A bundled Python stealer collects browser data, terminal histories, installed apps, process and system details, and a copy of login.keychain-db.
  • Persistence is achieved through a LaunchAgent masquerading as com.apple.system.services.activity in the Apple namespace.
  • The sample contains a 3.5 KB prompt-injection harness with 38 fake “system” messages intended to confuse or abort LLM-assisted analysis.

MITRE Techniques

  • [T1059.004] Command and Scripting Interpreter: Unix Shell – Executes shell commands through an interactive shell and can spawn processes via execvp/posix_spawnp (‘execute a shell command via execvp, with posix_spawnp available as an alternative spawn path’)
  • [T1057] Process Discovery – Collects a running-process snapshot to enumerate active processes (‘a running-process snapshot via ps aux’)
  • [T1082] System Information Discovery – Gathers hardware and software profile information from the host (‘system_profiler’)
  • [T1555.001] Credentials from Password Stores: Keychain – Copies the victim’s macOS keychain database for credential theft (‘a raw copy of login.keychain-db’)
  • [T1021] Remote Services – Uses Telegram as a remote command-and-control channel for tasking and data return (‘Command-and-control runs over a Telegram Bot API polling loop’)
  • [T1573] Encrypted Channel – Encrypts C2 payloads with AES-GCM before transmission (‘All C2 payloads are encrypted with AES-GCM’)
  • [T1588.001] Obtain Capabilities: Malware – Staged Tool – Fetches and stages a standalone CPython interpreter at runtime for the Python stealer (‘fetches and stages a self-contained cpython-3.10.18 interpreter’)
  • [T1036.005] Masquerading: Match Legitimate Name or Location – Uses a LaunchAgent label in Apple’s com.apple.* namespace to blend in (‘Label value com.apple.system.services.activity’)
  • [T1205.002] Traffic Signaling: Port Knocking or Single Packet Authorization – Not applicable in the strict sense; the implant uses Telegram Conflict handling as a single-instance lock rather than a network knock (‘treats that response as an implicit single-instance lock’)
  • [T1112] Modify Registry – Not applicable on macOS; no registry modification is described in the article.
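The LaunchAgent persistence described above (an Apple-namespace label planted in a user-writable location) suggests a simple hunting check. The following is an added example, not code from the SentinelLABS report: it parses LaunchAgent plists and flags com.apple.* labels that are installed per-user or that launch a program outside Apple's own paths. The sample plist, its program path and the trusted-root list are constructed assumptions.

```python
import plistlib
from pathlib import Path

# Constructed sample modelled on the persistence described for macOS.Gaslight:
# an Apple-looking label whose program lives in a user-writable directory.
SAMPLE_PLIST = plistlib.dumps({
    "Label": "com.apple.system.services.activity",
    "ProgramArguments": ["/Users/victim/Library/Application Support/.svc/agent"],  # assumed path
    "RunAtLoad": True,
    "KeepAlive": True,
})
# Constructed benign agent for comparison: third-party label, program inside its app bundle.
BENIGN_PLIST = plistlib.dumps({
    "Label": "com.example.updater",
    "ProgramArguments": ["/Applications/Example.app/Contents/MacOS/updater"],
    "RunAtLoad": True,
})
# Locations Apple's own launchd jobs are expected to run from (assumption for this check).
TRUSTED_ROOTS = ("/System/", "/usr/bin/", "/usr/sbin/", "/usr/libexec/", "/Library/Apple/")

def inspect_launch_agent(plist_bytes: bytes, path: str) -> list[str]:
    """Return the reasons this LaunchAgent looks suspicious (empty list if none)."""
    reasons: list[str] = []
    try:
        data = plistlib.loads(plist_bytes)
    except (plistlib.InvalidFileException, ValueError):
        return ["unparseable plist"]
    label = data.get("Label", "")
    args = data.get("ProgramArguments") or []
    program = data.get("Program") or (args[0] if args else "")
    apple_label = label.startswith("com.apple.")
    # Apple does not ship agents into ~/Library/LaunchAgents, so a com.apple.* label there is suspect.
    if apple_label and path.startswith("/Users/") and "/Library/LaunchAgents/" in path:
        reasons.append(f"Apple-namespace label {label!r} in a per-user LaunchAgent")
    # An Apple-namespace label should not launch a binary outside Apple's own paths.
    if apple_label and program and not program.startswith(TRUSTED_ROOTS):
        reasons.append(f"Apple-namespace label runs non-Apple program {program!r}")
    if reasons and data.get("RunAtLoad") and data.get("KeepAlive"):
        reasons.append("RunAtLoad+KeepAlive: agent is relaunched whenever it exits")
    return reasons

def scan_user_launch_agents(home: Path = Path.home()) -> dict[str, list[str]]:
    """Scan ~/Library/LaunchAgents on a live host; returns {plist path: reasons} for flagged agents."""
    findings: dict[str, list[str]] = {}
    for plist in (home / "Library" / "LaunchAgents").glob("*.plist"):
        reasons = inspect_launch_agent(plist.read_bytes(), str(plist))
        if reasons:
            findings[str(plist)] = reasons
    return findings

if __name__ == "__main__":
    sample_path = "/Users/victim/Library/LaunchAgents/com.apple.system.services.activity.plist"
    print(inspect_launch_agent(SAMPLE_PLIST, sample_path))
    for found_path, why in scan_user_launch_agents().items():
        print(found_path, why)
```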

Indicators of Compromise

  • [SHA-256] macOS.Gaslight sample and related artifacts – 6328567511d88fdc2ae0939c5ef17b7a63d2a833881900de018a4f12f4982525, 77b4fd46994992f0e57302cfe76ed23c0d90101381d2b89fc2ddf5c4536e77ca
  • [SHA-256] embedded payload scripts – baabf249c77bc54c54ab0e66e15af798bd28aa5b4683554456a8b73ab8741239, b3c56d689414343589f38394d19ba2fe9a518133281200faa0556ba4e4136394
  • [File/Identifier] ad hoc signing identifier and persistence label – endpoint-macos-aarch64-5555494492fc075f441637fb9d894913dde3a2ea, com.apple.system.services.activity
  • [Filename/Path] exfiltration archive and keychain target – temp/collected_data.zip, login.keychain-db

Read more: https://www.sentinelone.com/labs/macos-gaslight-rust-backdoor-turns-prompt-injection-on-the-analyst-not-the-sandbox/