National Cyber Warfare Foundation (NCWF)

DPRK-Linked macOS Implant Uses LaunchAgent Persistence and Python Stealer Module
0 user ratings		2026-06-25 07:44:05
milo
Red Team (CNA)

The binary tracked as macOS.Gaslight as a Rust-based macOS implant and infostealer whose most novel features are analyst-directed prompt injection and a hardened Telegram-based command-and-control (C2) channel. We assess with high confidence that macOS.Gaslight aligns with DPRK-linked macOS activity clustered around BONZAI and AIRPIPE signatures. macOS.Gaslight is ad hoc signed, carries the identifier endpoint-macos-aarch64-5555494492fc075f441637fb9d894913dde3a2ea, and […]


The post DPRK-Linked macOS Implant Uses LaunchAgent Persistence and Python Stealer Module appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.



Mayura Kathir

Source: gbHackers
Source Link: https://gbhackers.com/dprk-linked-macos-implant/

Comments
new comment
Nobody has commented yet. Will you be the first?
  
Forum
Red Team (CNA)


Copyright 2012 through 2026 - National Cyber Warfare Foundation - All rights reserved worldwide.