All Topics
All Topics
Technology
Technology
AI
AI
Business
Business
Entertainment
Entertainment
News
News
Programming
Programming
Security
Security
Science
Science
Design
Design
Environment
Environment
Finance
Finance
Crypto
Crypto
Politics
Politics
Sports
Sports
Education
Education
Gaming
Gaming
Art
Art
Music
Music
Health
Health
Books
Books
Food
Food
Travel
Travel
Personal
Personal
Bluesky
Twitter

North Korea-linked macOS backdoor uses prompt injection to poison AI malware analysis tools

By

Alessandro Mascellino

1h ago· 3 min readenNews
technologysecurity

Summary

SentinelLabs has discovered a North Korea-linked macOS backdoor (tracked as macOS.Gaslight) that uses a novel evasion technique: instead of trying to hide from sandbox analysis, it injects 38 fabricated system messages designed to poison and derail AI-assisted malware triage tools used by human analysts. The Rust-based implant targets the analyst's AI tools rather than the analysis environment itself, representing an evolution in malware evasion tactics.

Source

bskyNorth Korea-linked macOS backdoor uses prompt injection to poison AI malware analysis toolsinfosecurity-magazine.com

Key quotes

· 3 pulled
A North Korea-linked macOS backdoor has been caught hiding a prompt injection that targets malware analyst's AI tools, rather than the sandbox analyzing it.
SentinelLabs, the research arm of SentinelOne, said the Rust implant embedded 38 fabricated system messages designed to derail AI-assisted triage.
Malware has long tried to detect when it is running inside a sandbox or a researcher's virtual machine. This sample went after the researcher.
Snippet from the RSS feed
SentinelLabs found a North Korea-linked macOS backdoor using prompt injection on AI triage tools

You might also wanna read

Mirror: macOS Utility Detects Hidden Background Applications

Mirror is a macOS utility that detects background applications that deliberately hide from Activity Monitor, exposing stealth tools like Int

Product Hunt·6mo ago

Researchers demonstrate first public macOS kernel memory corruption exploit on Apple M5 silicon

Researchers report the first public macOS kernel memory corruption exploit on Apple's M5 silicon, successfully bypassing Apple's MIE (Memory

blog.calif.io·1mo ago

AI Researcher Discovers Echo Chamber Attack Bypassing LLM Guardrails

An AI Researcher at Neural Trust has discovered a novel jailbreak technique called the Echo Chamber Attack that bypasses the safety mechanis

neuraltrust.ai·1y ago

Safehouse: macOS Kernel-Level Sandboxing for Secure Local AI Agent Development

Safehouse is a macOS-native sandboxing solution for local AI agents that provides kernel-level enforcement to prevent destructive actions. I

agent-safehouse.dev·3mo ago

Decoy: Lightweight Native macOS App for Local Mock Service Testing

Decoy is a lightweight native macOS application that enables developers to create local mock services for testing purposes. It allows testin

Product Hunt·3mo ago

FBI Director Kash Patel's Apparel Site Found Hosting Malware Attack Targeting Mac Users

An apparel site (BasedApparel.com) co-created by FBI Director Kash Patel and Andrew Ollis has been discovered attempting to trick macOS user

pcmag.com·1mo ago

Comments

Sign in to join the conversation.

No comments yet. Be the first.