Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons

Social Media

Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons
Search the Site
Popular Searches:
technology Amazon AI
Recent Posts
Multiple PHP Vulnerabilities Allow DoS and Memory Corruption Attacks
July 6, 2026
Critical ModSecurity Flaws Let Attackers Bypass Firewall Rules
July 6, 2026
Moody Bible Institute Data Breach Exposes 2.3 Million Users’ Personal Data
July 6, 2026
Home/Threats/Gaslight macOS Malware Evades AI Security Analysis With Prompt Injection
Threats

Gaslight macOS Malware Evades AI Security Analysis With Prompt Injection

Key Takeaways A new macOS malware, dubbed “Gaslight,” employs prompt injection to evade AI-driven security analysis tools. Attributed to North Korean threat actors, Gaslight is written in...

David kimber
David kimber
July 6, 2026 4 Min Read
4 0

Key Takeaways

  • A new macOS malware, dubbed “Gaslight,” employs prompt injection to evade AI-driven security analysis tools.
  • Attributed to North Korean threat actors, Gaslight is written in Rust and focuses on data exfiltration and backdoor functionality.
  • The malware embeds 38 deceptive system messages to trick AI agents into prematurely terminating analysis.
  • Apple has updated its XProtect built-in detection, and 29 security vendors on VirusTotal now flag the threat, though code variations remain a risk.
  • Organizations should combine AI-powered security with traditional detection methods to counter evolving evasion techniques.

Emergence of Gaslight: A New macOS Threat

A novel macOS malware, identified as Gaslight, has emerged, introducing an unprecedented evasion technique designed to circumvent AI-powered security systems. This sophisticated threat, developed in Rust and linked to North Korean state-sponsored hacking groups, distinguishes itself not merely by its data theft capabilities but by its active efforts to mislead AI analysis.

Table Of Content

  • Key Takeaways
  • Emergence of Gaslight: A New macOS Threat
  • Gaslight’s Prompt Injection Mechanism
  • Technical Deep Dive into Gaslight
  • What You Should Do

Apple has responded swiftly to this new threat. In early June, the company updated XProtect, its native macOS malware detection feature, with a specific rule to identify and block Gaslight. By June 30, a significant number of security vendors—twenty-nine in total—were flagging the malicious file on VirusTotal. However, the modular nature of the malware means that attackers can still modify its code to bypass current detection mechanisms.

Researchers at Moonlock have been closely monitoring the Gaslight campaign, noting its alignment with broader patterns of North Korean cyber operations targeting Mac users. These threat actors frequently employ social engineering tactics, impersonating recruiters, game developers, or software testers to trick victims into downloading infected files. In a report shared with Cyber Security News (CSN), SentinelOne said in a report that it named this malware Gaslight, attributing it to North Korean entities based on distinct coding styles and infrastructure choices.

Upon successful installation, Gaslight is capable of exfiltrating sensitive data, including browser histories from Chrome, Brave, Firefox, and Safari, terminal command logs, lists of installed applications, and the encrypted macOS keychain file, which stores passwords. Furthermore, it establishes a backdoor, enabling attackers to issue commands and deploy additional payloads to compromised systems.

Gaslight’s Prompt Injection Mechanism

What truly sets Gaslight apart is its innovative method of concealment rather than its specific data exfiltration targets. The malware incorporates thirty-eight fabricated system messages, embedded as plain text, meticulously crafted to mimic the diagnostic outputs typically generated by AI security tools during their scanning processes.

These deceptive messages include phrases such as “token logic seems flaky,” “connection timeout,” and the succinct “Crash.” The primary objective is to deceive an AI agent into believing that an internal error has occurred, thereby prompting it to prematurely halt its analysis and fail to flag the file as malicious.

Crucially, the AI systems themselves are not technically compromised. Instead, the malware exploits how these tools interpret textual data—a technique that, until now, has largely remained in the realm of theoretical discussion. This evasion method is particularly concerning given the increasing reliance on AI-driven security agents like SentinelOne Singularity, Claude Code, and CrowdStrike Falcon for automated Mac threat detection, especially within corporate environments.

Technical Deep Dive into Gaslight

Despite its relatively small size of 2.24 MB, Gaslight is a potent piece of malware. It leverages Serde, a legitimate Rust framework, to load configuration data that dictates the behavior of its various modules.

Embedded within the main executable is a 6.6 KB Python script, base64-encoded, which is responsible for the actual data exfiltration. A separate, approximately 2 KB bash installer script is designed to fetch and execute this Python script after being downloaded from the attackers’ command-and-control (C2) servers.

For C2 communications, Gaslight utilizes a Telegram bot. This communication channel is secured using AES-GCM encryption and configured with a custom certificate, allowing it to bypass standard network inspection. The bot’s access token is also self-redacted, complicating traffic analysis for security researchers, and its design ensures functionality even when operating behind enterprise proxy servers.

Notably, Gaslight deviates from typical North Korean malware campaigns by not appearing to target cryptocurrency wallets. This absence is a significant departure, given the historical focus of these groups on digital asset theft.

What You Should Do

  • Exercise Extreme Caution with Unexpected Files: Be highly suspicious of unsolicited job offers, meeting software, or developer test files, as phishing remains the primary infection vector for Gaslight.
  • Maintain Updated Antimalware Software: Ensure that your antimalware solutions are up-to-date and configured with real-time scanning capabilities to detect and block threats like Gaslight before they can execute.
  • Implement Multi-Layered Security: For enterprises relying on AI-driven security agents (e.g., SentinelOne Singularity, Claude Code, CrowdStrike Falcon), supplement these tools with traditional detection methods. Text-based evasion tactics can undermine automated triage alone.
  • Educate Users: Conduct regular cybersecurity awareness training to inform users about social engineering tactics and the importance of verifying software sources.
  • Monitor Network Traffic: Implement robust network monitoring to detect unusual communication patterns, especially those involving encrypted Telegram channels or attempts to bypass enterprise proxies.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.

Tags:

AttackCybersecurityExploitMalwarephishingSecurityThreat

Share Article

David kimber

David kimber

David is a penetration tester turned security journalist with expertise in mobile security, IoT vulnerabilities, and exploit development. As an OSCP-certified security professional, David brings hands-on technical experience to his reporting on vulnerabilities and security research. His articles often feature detailed technical analysis of exploits and provide actionable defense recommendations. David maintains an active presence in the security research community and has contributed to multiple open-source security tools.

Previous Post

Agent Skill Malware Targets AI Models Claude and OpenAI Codex

Next Post

Teen Arrested for Bandai Channel Cyberattack Aided by ChatGPT

No Comment! Be the first one.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Popular Posts
Gaslight macOS Malware Evades AI Security Analysis With Prompt Injection
July 6, 2026
Agent Skill Malware Targets AI Models Claude and OpenAI Codex
July 6, 2026
TrojPix Attack Remotely Exfiltrates Data From Air-Gapped Computers
July 6, 2026
Top Authors
Marcus Rodriguez
Marcus Rodriguez
Jennifer sherman
Jennifer sherman
David kimber
David kimber
Let's Connect
156k
2.25m
285k

Related Posts

Jennifer sherman
By Jennifer sherman
Threats

GlassWorm Attacks macOS via Malicious VS Code…

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Attacks

ClickFix Attack Hides Malicious Code via Stegan Security

January 1, 2026
Sarah simpson
By Sarah simpson
Vulnerabilities

MongoBleed Detector Tool Released to Detect MongoDB Vulnerability(CVE-2025-14847)

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Breaches

Conti Ransomware Gang Leaders & Infrastructure Exposed

January 1, 2026
Hackers News Hackers News
  • [email protected]

Quick Links

  • Contact Us
  • Privacy Policy
  • Terms of service

Categories

Attacks
Breaches
Comparisons
CyberSecurity News
Threats
Vulnerabilities

Let's keep in touch

receive fresh updates and breaking cyber news every day and week!

All Rights Reserved by HackersRadar ©2026

Follow Us