SentinelOne identified a sophisticated macOS malware strain named Gaslight. The company attributes the threat with high confidence to North Korean actors. This malware specifically targets AI-powered security analysis tools to disrupt investigations.
Gaslight employs prompt injection by embedding fabricated system failure messages. These messages force AI tools to doubt their own processes and abort analysis. The malware is written in the Rust programming language.
The threat uses the Telegram bot API for command-and-control operations. It establishes persistence on infected systems through a LaunchAgent. This discovery highlights an emerging trend of threat actors developing countermeasures against AI-driven cybersecurity.