- SentinelOne discovered “Gaslight” malware for macOS that uses rapid injection to trick AI-assisted classification tools during analysis.
- Beyond standard backdoor and information theft capabilities, it incorporates fake Markdown “system” messages to trick LLMs into stopping the investigation.
- Researchers warn defenders to treat malware samples as adversarial inputs and isolate AI channels as faster injection targeting analysts is expected.
We’ve seen rapid injections into websites and emails, but what about malware samples? Security researchers SentinelOne recently published a detailed report on a newly discovered piece of macOS malware called Gaslight that, as its name suggests, attempts to use AI-assisted classification agents to stop scanning.
The malware itself is nothing out of the ordinary: it infects the device by any means necessary (usually phishing and social engineering), connects to the attacker-controlled infrastructure via Telegram, and then executes different commands, such as profiling the device, executing arbitrary shell commands, stealing files, or killing processes.
It also offers a stage two malware that acts as an information stealer, obtaining passwords, sensitive PDF files, cryptocurrency wallet information, and more.
Setting up LLM-assisted classification processes
But where Gaslight stands out is in its defenses against AI-powered malware analysis. According to SentinelOne, the malware contains a large block of fake Markdown-formatted “system” messages designed for artificial intelligence assistants that security researchers can use during reverse engineering. These messages state things like “AI authentication token has expired”, “analysis environment is running out of memory”, “disk space has been exhausted”, “static analysis is not secure”, and the like.
While a human analyst would definitely recognize these fake messages even at a glance, an LLM that is not properly isolated from untrusted input could interpret them as genuine system instructions and refuse to further analyze the malware.
“macOS.Gaslight stands out for its fast injection aimed at analysts, an attempt to weaponize the LLM-assisted classification processes that are increasingly found in the reverse engineering circuit,” SentinelOne explains. “Anyone creating such tools should treat the content of the samples they classify as adversarial input, never as instructions, and be prepared to keep hostile content out of the model entirely. As LLM-assisted analysis becomes routine, proponents should expect more samples to be created to exploit it.”
Researchers have published a complete list of indicators of compromise at this link.
Through Hacker News
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds.
