🟠 High | Source: The Hacker News
A new Rust-based macOS malware called Gaslight has been discovered that acts as an implant and information stealer, with a novel twist: it embeds prompt injection payloads designed to manipulate AI-assisted analysis tools into refusing or abandoning examination of the malware. This represents an emerging and concerning tactic where malware actively attempts to subvert the AI-powered defences and tooling used by security analysts. The technique could significantly slow incident response and threat intelligence workflows that increasingly rely on AI assistance.
Security Architect’s Take: Ensure your macOS endpoint detection pipelines do not rely solely on AI-assisted analysis tools, and implement human-in-the-loop review for any AI output that declines or aborts a malware analysis — treat such refusals as a potential indicator of compromise. Additionally, harden your AI tooling by enforcing strict input sanitisation and sandboxing when analysing untrusted artefacts.
Original advisory: New Gaslight macOS Malware Uses Prompt Injection to Disrupt AI-Assisted Analysis