A new macOS backdoor linked to North Korea utilizes prompt injection to evade AI analysis by embedding 38 fabricated system messages designed to mislead AI malware detection. Identified as macOS.Gaslight, this Rust implant not only obfuscates its presence during analysis but also includes capabilities such as data theft from popular browsers and terminal histories, using Telegram's Bot API for stealthy communication.
SentinelLabs emphasized the need for cybersecurity analysts to treat such deceptive tactics as adversarial inputs, highlighting the malware's unique method of targeting the analytical tools instead of the typical sandbox environment.