URL has been copied successfully!
DPRK-Linked macOS Implant Uses LaunchAgent Persistence and Python Stealer Module
URL has been copied successfully!

Collecting Cyber-News from over 60 sources

DPRK-Linked macOS Implant Uses LaunchAgent Persistence and Python Stealer Module


Tags: , , , , ,

The binary tracked as macOS.Gaslight as a Rust-based macOS implant and infostealer whose most novel features are analyst-directed prompt injection and a hardened Telegram-based command-and-control (C2) channel. We assess with high confidence that macOS.Gaslight aligns with DPRK-linked macOS activity clustered around BONZAI and AIRPIPE signatures. macOS.Gaslight is ad hoc signed, carries the identifier endpoint-macos-aarch64-5555494492fc075f441637fb9d894913dde3a2ea, and […] The post DPRK-Linked macOS Implant Uses LaunchAgent Persistence and Python Stealer Module appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

First seen on gbhackers.com

Jump to article: gbhackers.com/dprk-linked-macos-implant/

Loading

Share via Email
Share on Facebook
Tweet on X (Twitter)
Share on Whatsapp
Share on LinkedIn
Share on Xing
Copy link

also interesting:

  1. Volume of attacks on network devices shows need to replace end of life devices quickly
  2. Claude Mythos: Prepare for your board’s cybersecurity questions about the latest AI model from Anthropic
  3. 6 ways hackers hide their tracks
  4. What keeps CISOs awake at night, and why Zurich might hold the cure