Gaslight: macOS Malware Evades AI Analysis with Fake Prompts

A new macOS malware called "Gaslight" uses a unique method to avoid AI analysis. It embeds fake "system" messages within its architecture to trick AI-assisted triage tools. These messages are designed to mislead large language models, or LLMs, into halting their investigation. For example, they might claim the AI's authentication token has expired or that the analysis environment is out of memory. While a human would likely spot these as fake, an LLM not properly isolated from untrusted input could interpret them as genuine instructions. Beyond this, Gaslight also functions as a standard backdoor and infostealer. It connects to attacker-controlled infrastructure, runs shell commands, steals files, and delivers a second stage infostealer that pulls sensitive data like passwords and cryptocurrency information. Security researchers warn that defenders need to treat malware samples as adversarial input and isolate AI pipelines. This is because more analyst-targeting prompt injection is expected as AI-assisted analysis becomes more common. This development highlights the evolving cat-and-mouse game between malware developers and cybersecurity tools.