logo

New macOS malware embeds fake errors to confuse AI analysis tools

ID: ed71c9d0-f0c7-5421-9f68-23023bacc7d3

STIX ID: report--ed71c9d0-f0c7-5421-9f68-23023bacc7d3

Feed Name: Bleeping Computer

Threat Score
78/100

Date Published: 2026-06-25

Date Updated: 2026-06-25

Author: Lawrence Abrams

...
...

macOS.Gaslight is a Rust backdoor and information-stealer attributed to a North Korean-linked threat actor that embeds roughly 3.5 KB of 38 fabricated system messages and prompt-injection strings into the binary to mislead LLM-assisted analysis pipelines into aborting or mistrusting their sessions. SentinelOne reports the payload mimics developer logs, crash reports, and debugging output to manipulate AI agents' perception rather than to bypass sandbox execution; while not demonstrated to reliably evade AI analysis, the technique indicates threat actors are experimenting with anti-AI-analysis methods.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.