New Gaslight macOS Malware Uses Prompt Injection to Disrupt AI-Assisted Analysis

A previously undocumented Rust-based macOS implant and information stealer has been found to embed a prompt injection payload designed to trick a malware analyst's artificial intelligence (AI) tools and trick it into aborting or refusing an analysis of the artifact. The malware has been codenamed Gaslight owing to this deceptive behavior. It's been assessed with high confidence that the tool is

The article describes macOS.Gaslight, a Rust-based macOS implant and infostealer linked with high confidence to North Korea–aligned actors that embeds a 3.5 KB prompt-injection payload of 38 fabricated "system" messages inside the malware sample itself.[2][6] These Markdown-fenced messages are crafted to mimic an LLM triage harness and claim token expiry, OOM kills, disk failures, bogus injection warnings, and static-analysis flags, with the explicit goal of steering LLM-assisted analysis tools into aborting, truncating, or misclassifying the analysis rather than attacking the model directly.[2][4][6] From a CyberSE.AI perspective, this is a clear indirect prompt injection pattern where adversarial content in an analyzed artifact targets downstream AI agents in the reverse-engineering pipeline, showing that any system which blindly feeds untrusted sample content into LLMs is at risk of evasion and mis-triage. Defenders should treat all artifact content as adversarial input, enforce strict prompt scaffolding and content isolation in AI tooling, and incorporate adversarial-prompt testing and hardening (via secure agent design, business-logic audits, and continuous AI red team