THREAT OPS › Threat News › macOS.Gaslight | Rust Backdoor Turns Prompt Injection on the Analyst, Not the Sandbox
macOS.Gaslight | Rust Backdoor Turns Prompt Injection on the Analyst, Not the Sandbox
<h2>Executive Summary</h2> <ul> <li>SentinelLABS has analyzed a Rust macOS implant that embeds a 3.5 KB prompt-injection payload of 38 fabricated “system” messages, built to steer an LLM-assisted triage pipeline into aborting or refusing its analysis.</li> <li>Command-and-control runs over a Telegram Bot API polling loop, with AES-GCM payloads over certificate-pinned TLS.</li> <li>The implant self
MITRE ATT&CK techniques
Indicators of compromise
- 6328567511d88fdc2ae0939c5ef17b7a63d2a833881900de018a4f12f4982525sha256
- 77b4fd46994992f0e57302cfe76ed23c0d90101381d2b89fc2ddf5c4536e77casha256
- baabf249c77bc54c54ab0e66e15af798bd28aa5b4683554456a8b73ab8741239sha256
- b3c56d689414343589f38394d19ba2fe9a518133281200faa0556ba4e4136394sha256
- 5555494492fc075f441637fb9d894913dde3a2easha1
- https://docs.rs/serde/latest/serde/url
- https://blog.nviso.eu/2025/12/16/the-detection-response-chronicles-exploring-telegram-abuse/url
- https://research.checkpoint.com/2025/ai-evasion-prompt-injection/url
- https://socket.dev/blog/mini-shai-hulud-miasma-and-hades-worms-target-bioinformatics-and-mcp-developers-via-maliciousurl
- https://www.ox.security/blog/shai-hulud-open-source-malware-github/url