A newly discovered macOS malware called “Gaslight” is doing something novel — it’s not trying to evade antivirus. It’s trying to confuse the AI tools researchers use to analyze malware.
The malware is a Rust binary with backdoor and info-stealing capabilities, typical of what’s been seen before. What sets it apart is a 3.5 KB payload containing 38 fake system messages embedded right inside the executable. These fabricated messages pretend to be crash reports, developer logs, debugging output, and program alerts. They use Markdown formatting and template placeholders to look like legitimate analysis data.
Examples include fake token expiration warnings, out-of-memory crash dumps, disk exhaustion alerts, and bogus SQL injection vulnerability flags — all unrelated to what the malware actually does.
SentinelOne researchers say the goal isn’t to hide from sandboxes but to attack the perception of LLM-assisted analysis tools. The fake strings are designed to trigger prompt injections that make an AI agent question its own session or refuse to continue analyzing the sample. One researcher put it: “It attacks the agent’s perception, rather than the sandbox it runs in.”
SentinelOne attributes the malware with high confidence to a North Korean-linked threat actor. While they haven’t demonstrated that the technique can successfully bypass AI-based analysis platforms yet, it shows that adversaries are specifically experimenting with anti-analysis methods aimed at AI-assisted security tools.
