Mastodawn

macOS.Gaslight | Rust Backdoor Turns Prompt Injection on the Analyst, Not the Sandbox

A sophisticated Rust-based macOS implant named macOS.Gaslight has been discovered, featuring a novel 3.5 KB prompt-injection payload containing 38 fabricated system messages designed to disrupt LLM-assisted malware analysis. The backdoor communicates via Telegram Bot API with AES-GCM encrypted payloads over certificate-pinned TLS and includes self-redaction capabilities to hide its bot token from logs. It provides operators with an interactive shell, system information collection, and credential stealing capabilities through a bundled Python script that targets browser data, keychains, and command histories. The implant uses runtime-fetched CPython interpreters and establishes persistence through a LaunchAgent masquerading as an Apple system service. This threat is assessed with high confidence to be aligned with DPRK activity and represents a significant evolution in adversarial techniques targeting security analysts rather than sandbox environments.

Pulse ID: 6a3b512d529a1b06d095af2b
Pulse Link: https://otx.alienvault.com/pulse/6a3b512d529a1b06d095af2b
Pulse Author: AlienVault
Created: 2026-06-24 03:38:21

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#BackDoor #Browser #CyberSecurity #DPRK #ELF #InfoSec #Mac #MacOS #Malware #OTX #OpenThreatExchange #Python #RAT #Rust #TLS #Telegram #bot #AlienVault

LevelBlue - Open Threat Exchange

Learn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.

LevelBlue Open Threat Exchange

Daily NK 10h ago

Xi Jinping's June 8–9 state visit to Pyongyang has triggered a Chinese-language tutoring boom across North Korea. In Sinuiju, demand for private lessons is soaring — parents want their children fluent before China trade opens up in earnest.

https://www.dailynk.com/english/north-korea-chinese-language-tutoring-surge-north-china-relations/

#NorthKorea #DPRK #ChinaDPRK #NKEconomy

Daily NK 16h ago

#NorthKorea's National Intelligence Agency is going door to door in border cities — Hoeryong, Musan, Onsong — warning residents that Chinese mobile phone users are "cancerous tumors in the body of the nation." Agents are enlisting neighbors to surveil neighbors.

https://www.dailynk.com/english/north-korea-chinese-mobile-phone-crackdown-border/

#NorthKorea #DPRK #Surveillance #ChinaDPRK

Daily NK 17h ago

North Korea's neighborhood watch units are ordering each household to submit 50 kg of dried human waste as fertilizer — even as state media boasts 105% industrial growth at the country's fertilizer complexes.

https://www.dailynk.com/english/north-korea-human-waste-quota-fertilizer-propaganda/

#NorthKorea #DPRK #Agriculture #FoodSecurity

Show thread

Francis Mangion (M)1d ago

#DPRK #Democratic_Peoples_Republic_of_Korea #NorthKorea #usa

Show thread

Aho 2d ago

@MAKS23 quite stupid of the #orc #nazi #regim in #kremlin to alienate #Turkey as #russian tourists will get bored of #dprk

CyberVeille.ch 2d ago

📢 Attaque supply chain via astro.config.mjs avec C2 blockchain sur dépôt GitHub populaire
📝 ## 🔍 Contexte

Analyse technique publiée le 12 juin 2026 par SafeDep, documentant une attaque de type supply chain ciblant le dépôt open source *...
📖 cyberveille : https://cyberveille.ch/posts/2026-06-21-attaque-supply-chain-via-astro-config-mjs-avec-c2-blockchain-sur-depot-github-populaire/
🌐 source : https://safedep.io/astro-config-blockchain-c2-supply-chain/
#DPRK #IOC #Cyberveille

Attaque supply chain via astro.config.mjs avec C2 blockchain sur dépôt GitHub populaire

🔍 Contexte Analyse technique publiée le 12 juin 2026 par SafeDep, documentant une attaque de type supply chain ciblant le dépôt open source Egonex-AI/Understand-Anything (outil code-to-knowledge-graph, 57 000+ étoiles GitHub). L’article est une analyse post-mortem détaillée avec déobfuscation complète du payload. 🎯 Vecteur d’attaque L’acteur AsimRaza10 a soumis trois pull requests frauduleuses (PR #198, #206, #261) entre le 24 et le 26 mai 2026, toutes pointant vers le même commit malveillant (8d30be36). Chaque PR présentait une description légitime fictive (correction React, édition README, fichiers de santé communautaire) ne correspondant pas au diff réel. Les deux seuls fichiers modifiés étaient :

CyberVeille

Show thread

Jazone 3d ago

"A Nuclear #Iran is a danger to us all."
#Iranwar
Ok. So is #Russia #China and the #DPRK but the dupes in the US media that keep repeating this nonsense, need you to believe that Iran was an IMMINENT threat.
It wasn't. But the #Epsteinfiles are!
#NoKings

Kyiv Independent Daily Headlines 5d ago

Friday, June 19, 2026

UK to send Ukraine 150,000 drones, air defense systems using proceeds from frozen Russian assets . . . . . Western allies pledge $4 billion in military aid for Ukraine . . . . . Investigation: How EU machinery keeps feeding Russian missile makers . . . . . Russian attack damages over 40 homes in Kharkiv . . . and more

https://activitypub.writeworks.uk/2026/06/friday-june-19-2026/

Daily NK 5d ago

Xi Jinping's visit to North Korea has Hyesan residents hoping for a turning point — Chinese capital, mineral deals, factories, tourism, anything to ease the economic squeeze.

https://www.dailynk.com/english/xi-jinpings-visit-to-north-korea-sparks-hope/

#NorthKorea #DPRK #China #ChinaDPRK