- SentinelOne discovered macOS “Gaslight” malware that uses rapid injection to mislead AI-assisted sorting tools during scanning.
- Beyond the standard backdoor and infostealer capabilities, it embeds fake Markdown “system” messages to trick LLMs into disrupting the investigation.
- Researchers warn defenders to treat malware samples as adversarial input and isolate AI pipelines, as rapid injections are expected to be more targeted by analysts.
We’ve seen rapid injections into websites and emails, but what about malware samples? Security researchers SentinelOne recently published a detailed report on a newly discovered macOS malware called Gaslight which, as the name suggests, attempts to trick AI-assisted sorting agents into stopping scanning.
The malware itself is nothing fancy: it infects the device by any means necessary (usually phishing and social engineering), connects to the infrastructure controlled by the attacker via Telegram, and then executes different commands such as profiling the device, executing arbitrary shell commands, stealing files, or terminating processes.
It also provides second-stage malware that acts as an information stealer, extracting passwords, sensitive PDFs, cryptocurrency wallet information, and much more.
Arming sorting pipelines assisted by LLM
But where Gaslight stands out is its defenses against AI-based malware analysis. According to SentinelOne, the malware contains a large block of fake “system” messages in Markdown format, designed for AI assistants that security researchers can use when reverse engineering. These messages claim things like “the AI authentication token has expired”, “the analysis environment is out of memory”, “disk space has been exhausted”, “static analysis is unsafe”, and the like.
While a human analyst would certainly recognize these fake messages even at a glance, an LLM that is not properly isolated from untrusted input could interpret them as real system instructions and refuse to analyze the malware further.
“macOS.Gaslight stands out for its rapid injection targeting analysts, an attempt to weaponize LLM-assisted sorting pipelines that are increasingly part of the reverse engineering loop,” SentinelOne explains. “Anyone building such tools should treat the contents of the samples they sort as adversarial input, never as instructions, and be prepared to keep any hostile content out of the model. As LLM-assisted analysis becomes routine, advocates should expect more samples to be created to exploit it.”
Researchers have published a comprehensive list of indicators of compromise at this link.
Via Hacker news
The best antivirus for every budget
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds.
