A newly discovered macOS malware called Gaslight uses fake logs, crash reports, and prompt injection strings to confuse AI-assisted malware analysis tools during triage. SentinelOne attributes the Rust-based backdoor and infostealer with high confidence to a North Korean-linked threat actor and says it is designed to make LLM agents abort or distrust their own analysis. #Gaslight #SentinelOne #NorthKorea
Keypoints
- Gaslight is a newly found macOS malware sample.
- It embeds fake system messages and debugging data inside the binary.
- The payload is meant to disrupt AI-assisted malware analysis tools.
- SentinelOne links the malware to a North Korean-associated threat actor.
- The sample includes backdoor and information-stealing functionality.