SentinelLABS identified macOS.Gaslight, a DPRK-aligned Rust backdoor targeting macOS systems. The implant establishes a resilient C2 channel via the Telegram Bot API using AES-GCM over pinned TLS and achieves persistence via a masqueraded LaunchAgent. Notably, it embeds a 38-message prompt-injection payload designed to feed fabricated system errors to LLM-assisted triage tools, aiming to abort or corrupt automated analysis. The malware also stages a standalone Python environment to execute a credential and data stealer.