Gaslight Malware Abuses Prompt Injection to Trick Automated AI Cybersecurity Agents
North Korean hackers have launched a sophisticated new macOS malware campaign that targets Mac users, specifically developers and those in the Web3 space. Historically, these threat actors rely on fak

North Korean hackers have launched a sophisticated new macOS malware campaign that targets Mac users, specifically developers and those in the Web3 space. Historically, these threat actors rely on fake job recruiters, bogus video meeting invites, and malicious PDFs to breach systems. They typically aim to drain cryptocurrency wallets and steal financial data. However, their […] The post Gaslight Malware Abuses Prompt Injection to Trick Automated AI Cybersecurity Agents appeared first on Cyber Security News.
North Korean hackers have launched a sophisticated new macOS malware campaign that targets Mac users, specifically developers and those in the Web3 space. Historically, these threat actors rely on fake job recruiters, bogus video meeting invites, and malicious PDFs to breach systems. They typically aim to drain cryptocurrency wallets and steal financial data. However, their latest creation, dubbed Gaslight, introduces a novel and alarming tactic. Instead of just stealing data, it actively attempts to deceive the automated AI cybersecurity agents tasked with stopping it. Apple recently updated its built-in XProtect security feature to block this standalone malicious file. Written in Rust, Gaslight operates as both an information stealer and a backdoor. While security vendors are rapidly updating their defenses, the malware’s unique evasion tactics make it a notable threat to enterprise environments and individual developers alike. It shares similarities with previous North Korean threats, such as the 2023 Realst infostealer. However, it represents a significant evolution in evasion tactics. A Gaslight sample was detected by 29 security vendors by the time this report was filed. Image: Screenshot,Moonlock (Source: moonlock) Gaslight Malware Tricks Agents The most fascinating aspect of Gaslight is its built-in defense mechanism against modern security tools. Many enterprise security platforms such as Sentinel One Singularity, Claude Code, and CrowdStrike Falcon now rely on AI agents to scan files, check network traffic, and cross-reference known malware signatures. Gaslight attempts to bypass these AI systems using a rudimentary but effective form of prompt injection. The malware contains 38 fabricated system messages embedded as plain text. When an AI security agent scans the file, it reads these fake triage messages designed to confuse its logic. The text includes phrases like “token logic seems flaky,” “excessive logging… filling up disk space,” “connection timeout,” or simply “Crash.” The goal is not to hack the AI agent directly. Instead, the malware tries to gaslight the system into registering a false error or abandoning the scan entirely to save processing tokens. This proof-of-concept technique is now operating in the wild, raising serious questions about the reliability of automated AI security tools. Gaslight uses plain text to attempt to trick AI-automated security agents. Image: Screenshot, Moonlock (Source: moonlock) Despite its small footprint, Gaslight packs a heavy technical punch. The malware uses a legitimate library called Serde to efficiently load configuration values and system data. To execute the actual data theft, it fetches a tiny, encoded bash installer from the internet. This installer deploys a hidden Python script that zips up the stolen files and prepares them for exfiltration. Interestingly, it does not immediately hunt for desktop crypto wallets. However, its backdoor capabilities mean attackers can deploy additional payloads later, moonlock said. To communicate with the attackers, Gaslight relies on a highly customized Telegram bot API. This serves as the command-and-control center, allowing hackers to send remote commands or download additional malware to the infected Mac. The attackers hardened this communication channel to avoid network detection. It uses AES-GCM encryption and requires the encryption key to be provided at runtime rather than stored inside the malware sample. Follow us on Google News , LinkedIn and X to Get More Instant Updates. Set Cyberpress as a Preferred Source in Google. The post Gaslight Malware Abuses Prompt Injection to Trick Automated AI Cybersecurity Agents appeared first on Cyber Security News.
Join the Discussion
Comments coming soon. Follow us on social media for real-time discussions.


