New macOS malware embeds fake errors to confuse AI analysis tools
ID: ed71c9d0-f0c7-5421-9f68-23023bacc7d3
STIX ID: report--ed71c9d0-f0c7-5421-9f68-23023bacc7d3
Feed Name: Bleeping Computer
macOS.Gaslight is a Rust backdoor and information-stealer attributed to a North Korean-linked threat actor that embeds roughly 3.5 KB of 38 fabricated system messages and prompt-injection strings into the binary to mislead LLM-assisted analysis pipelines into aborting or mistrusting their sessions. SentinelOne reports the payload mimics developer logs, crash reports, and debugging output to manipulate AI agents' perception rather than to bypass sandbox execution; while not demonstrated to reliably evade AI analysis, the technique indicates threat actors are experimenting with anti-AI-analysis methods.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
