Rust macOS Backdoor Uses Interactive Shell and Telegram File Uploads for Data Theft
Rust macOS Backdoor Uses Interactive Shell and Telegram File Uploads for Data Theft
By Tushar Subhra Dutta
June 25, 2026
A newly identified Rust-based macOS backdoor has raised alarms across the security community, combining a hidden interactive shell with Telegram-based file uploads to quietly steal data from Apple users.
Discovered in early June 2026, the threat surfaced when an Apple XProtect update flagged a suspicious file uploaded to VirusTotal on May 22.
Despite being caught by a hash-based rule, the sample remained undetected by most static scanning engines at the time of writing.
The malware, tracked as macOS.Gaslight, packs a full data theft toolkit into a single persistent Rust binary.
It steals browser credentials from Chrome, Brave, Firefox, and Safari, captures terminal histories, lists installed apps, and copies the macOS login keychain file.
Collected files are archived into a zip and delivered to the attacker through Telegram’s file-upload feature, blending exfiltration into normal-looking traffic.
Researchers at SentinelOne noted the implant belongs, with high confidence, to a cluster of North Korea-linked macOS activity.
Apple’s XProtect rule ties this sample to a malware family associated with DPRK threat operations, and a sibling sample is also caught by Apple’s AIRPIPE rule, which SentinelOne ties to North Korean campaigns.
What further sets this threat apart is an embedded payload of 38 fabricated system messages designed to manipulate AI-based malware analysis tools.
Handling the Telegram Bot API error codes (Source – SentinelOne)
The technique, known as prompt injection, targets the analyst’s tooling rather than the sandbox environment. These fake messages mimic error logs warning of token expiry and memory failures, pushing AI triage pipelines to abort or skip analysis entirely.
The binary is ad hoc signed and carries a distinctive identifier string baked directly into the file.
According to a SentinelOne report shared with Cyber Security News (CSN), this malware marks a notable step forward in how threat actors engineer implants to defeat modern detection workflows.
Rust macOS Backdoor Uses Interactive Shell and Telegram File Uploads
Once the malware validates its Telegram bot token, the attacker gains a live interactive shell on the infected machine.
The shell supports six commands, including running shell commands, killing processes by ID, uploading files, and stopping the implant entirely. All communication flows through the Telegram Bot API polling loop, which also acts as a built-in single-instance lock.
To harden its communication channel, the implant encrypts all traffic using AES-GCM and applies certificate pinning, making it nearly impossible to intercept through standard network monitoring.
It also reads the host’s proxy settings and routes traffic accordingly, so the malware can operate on networks that force outbound connections through a proxy. This design makes the channel resilient in tightly managed enterprise environments.
The backdoor deploys a Python data collection module on demand, fetching a standalone Python 3.10.18 interpreter from an open-source project at runtime.
Decoded Python stealer (Source – SentinelOne)
This keeps the core Rust binary lean while letting the attacker expand collection when needed. Stolen data, including browser cookies and system profiles, is zipped and uploaded to the operator via Telegram before any local cleanup occurs.
Prompt Injection Tactics and Persistence on Infected Hosts
Beyond data theft, macOS.Gaslight introduces a technique aimed at analysts using AI-assisted review tools.
The implant embeds 38 fake system messages formatted to mimic an AI triage harness, using delimiters that resemble internal large language model prompt scaffolding. The aim is to push AI tools into treating hostile content as trusted instructions rather than suspicious data.
Persistence is handled through a LaunchAgent disguised under the label com.apple.system.services.activity, blending the implant into Apple’s service namespace to avoid detection.
The malware resolves its file path at runtime and writes it into the LaunchAgent config, ensuring it survives reboots and stays active across user sessions.
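The persistence described above gives defenders a concrete hunt: a LaunchAgent whose label imitates Apple's com.apple.* namespace but whose program path is not an Apple system location. The script below is an added example written for this article, not SentinelOne's or Apple's tooling; it scans a LaunchAgents directory with the standard library and flags the reported label and the label/path mismatch. The sample plists it writes are constructed test data, and the program path in them is hypothetical.

```python
import os
import plistlib
import tempfile

# Locations Apple's own launchd jobs run from. A com.apple.* label whose program
# lives elsewhere (home directory, /tmp, /private/var) is the masquerade pattern
# this report describes. Assumption: these prefixes cover the benign cases.
APPLE_BINARY_PREFIXES = ("/System/", "/usr/", "/Library/Apple/")
GASLIGHT_LABEL = "com.apple.system.services.activity"  # label reported for macOS.Gaslight


def launch_agent_findings(plist_path):
    """Return the reasons a LaunchAgent plist looks like masquerading persistence (empty if none)."""
    with open(plist_path, "rb") as fh:
        job = plistlib.load(fh)
    label = job.get("Label", "")
    args = job.get("ProgramArguments") or []
    program = job.get("Program") or (args[0] if args else "")
    findings = []
    if label == GASLIGHT_LABEL:
        findings.append("label matches the macOS.Gaslight persistence IoC")
    if label.startswith("com.apple.") and not program.startswith(APPLE_BINARY_PREFIXES):
        findings.append(f"Apple-style label {label!r} launches non-Apple path {program!r}")
    return findings


def scan_launch_agents(directory):
    """Scan every .plist in a LaunchAgents directory; returns {filename: [findings]} for flagged jobs."""
    flagged = {}
    for name in sorted(os.listdir(directory)):
        if name.endswith(".plist"):
            findings = launch_agent_findings(os.path.join(directory, name))
            if findings:
                flagged[name] = findings
    return flagged


def write_constructed_samples(directory=None):
    """Constructed test data: one plist mimicking the reported label, one benign third-party agent."""
    directory = directory or tempfile.mkdtemp()
    samples = {
        "com.apple.system.services.activity.plist": {
            "Label": GASLIGHT_LABEL,
            "ProgramArguments": ["/Users/alice/Library/Caches/svc/activity"],  # hypothetical path
            "RunAtLoad": True,
        },
        "com.example.updater.plist": {
            "Label": "com.example.updater",
            "ProgramArguments": ["/Applications/Example.app/Contents/MacOS/updater"],
            "RunAtLoad": True,
        },
    }
    for name, job in samples.items():
        with open(os.path.join(directory, name), "wb") as fh:
            plistlib.dump(job, fh)
    return directory


if __name__ == "__main__":
    # Replace the constructed directory with os.path.expanduser("~/Library/LaunchAgents") on a real host.
    for name, reasons in scan_launch_agents(write_constructed_samples()).items():
        print(name, "->", "; ".join(reasons))
```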
The Telegram bot token is hidden from runtime logs through a built-in self-redaction routine. When building Telegram URLs, the implant swaps the live token for a placeholder, blocking defenders from recovering it through logs or crash reports.
Researchers recommend treating suspicious sample content as adversarial input and never exposing unknown files to AI analysis pipelines without proper sandboxing controls first.
Indicators of Compromise (IoCs):

SHA-256 Hash: 6328567511d88fdc2ae0939c5ef17b7a63d2a833881900de018a4f12f4982525 (macOS.Gaslight Mach-O main sample)
SHA-256 Hash: 77b4fd46994992f0e57302cfe76ed23c0d90101381d2b89fc2ddf5c4536e77ca (sibling BONZAI sample, DPRK-linked)
File Identifier: endpoint-macos-aarch64-5555494492fc075f441637fb9d894913dde3a2ea (ad hoc signing identifier embedded in binary)
LaunchAgent Label: com.apple.system.services.activity (persistence LaunchAgent masquerading as an Apple service)
SHA-256 Hash: baabf249c77bc54c54ab0e66e15af798bd28aa5b4683554456a8b73ab8741239 (embedded Python payload stealer script)
SHA-256 Hash: b3c56d689414343589f38394d19ba2fe9a518133281200faa0556ba4e4136394 (Bash installer script for Python runtime)
Note: IP addresses and domains are intentionally defanged (e.g., [.]) to prevent accidental resolution or hyperlinking. Re-fang only within controlled threat intelligence platforms such as MISP, VirusTotal, or your SIEM.
Tushar Subhra Dutta
Tushar is a senior cybersecurity and breach reporter. He specializes in covering cybersecurity news, trends, and emerging threats, data breaches, and malware attacks. With years of experience, he brings clarity and depth to complex security topics.