SentinelOne's research arm SentinelLabs has analyzed and published details on macOS.Gaslight, a Rust-based macOS implant designed to disrupt AI-assisted malware analysis. Attributed with high confidence to North Korea (DPRK)-aligned threat actors, it is notable for targeting the AI tools used by analysts rather than the sandbox.
Threat Analysis · macOS.Gaslight
The Backdoor That Gaslights the Analyst's AI
A Rust-based macOS implant — attributed with high confidence to DPRK-aligned actors — embeds a prompt-injection payload that targets the LLM doing the triage, not the sandbox. Instead of hiding, it tries to convince the AI analyst to abort.
~3.5KB
Embedded prompt-injection payload inside the binary
38
Forged "system" messages aimed at AI triage pipelines
1st
Real-world harness-spoofing attack of this sophistication
Escalation of analyst-targeting prompt injection
Stacked forged-message count by known case — taller column = more deceptive payload
1 block
Earlier single-block attempts (Hades / Shai-Hulud)
PoC
Windows proof-of-concept (2025)
38 messages
macOS.Gaslight — full harness-spoofing payload
HOW THE DECEPTION WORKS
Sample analyzed
LLM-driven triage reads the binary
→
Forged signals fire
Fake token expiry, OOM kills, disk-full, injection warnings
→
AI aborts / refuses
Analysis steered to stop — the malware goes unexamined
It spoofs the responses of the analysis harness itself — a goal distinct from traditional sandbox evasion.
Implant at a glance
Language
Rust · Mach-O, ad hoc signed
C2 channel
Telegram Bot API (getUpdates)
Encryption
AES-GCM · TLS cert pinning
Persistence
LaunchAgent spoofing com.apple.*
Capabilities
Shell, credential stealer, self-staged Python
Detection
Apple XProtect (BONZAI_COBUCH)
Defender takeaway
As LLM-assisted triage becomes routine, sample contents must be treated as adversarial input. Don't feed untrusted samples directly into models — even simple prompt injection can change an AI tool's behavior.
Continue reading The rest of this article is for AI News Blitz readers. Choose an option below to keep reading.
Already purchased? Sign in ✓ Signed in — this article isn’t included in your current plan.Unlocking the full article…