North Korea macOS Malware Gaslight Manipulates AI Triage Tools, Not the Sandbox
Summary
SentinelOne disclosed a macOS implant called Gaslight that uses fabricated error messages to confuse AI-based malware triage tools. The malware targets the model’s context window rather than the sandbox, aiming to make the AI abort analysis before it can identify the threat. The sample also functions as a backdoor with persistence, encrypted command-and-control, and credential theft capabilities. The article explains why this attack works against current transformer-based systems and urges security teams to sanitize untrusted input before feeding it into LLM-assisted workflows. It also notes that North Korean operators have iterated on this prompt-injection technique across multiple malware families.
Classifications
industries
No industries detected
applications
ERP & Process Management
AI Classifications
Labels
Cybersecurity
Endpoint Protection Platform (EPP)
Extended Detection and Response (XDR)
Linked Companies
SentinelOne
$500M to $1B
Pillar Security
$1M to $5M