macOS.Gaslight: Rust‑based macOS Implant Uses Prompt‑Injection to Mislead AI Malware Analysts
What Happened — SentinelLabs identified a new macOS malware family, macOS.Gaslight, written in Rust. The implant carries a 3.5 KB Markdown‑fenced payload of 38 fabricated system messages that are crafted to confuse LLM‑assisted triage tools, while its command‑and‑control channel operates over Telegram’s Bot API using AES‑GCM encryption and TLS certificate pinning.
Why It Matters for Compliance & Audit Readiness
- The attack targets automated analysis pipelines that many SOC 2‑compliant programs depend on for continuous monitoring; a compromised pipeline can hide control failures.
- Highlights the need for documented security‑awareness controls that cover AI‑assisted tooling and prompt‑injection defenses, satisfying SOC 2 CC6.1 “System and Communications Protection.”
- Demonstrates why evidence‑collection processes must verify the integrity of analysis tools, a prerequisite for a defensible audit trail.
Who Is Affected — Technology vendors, managed service providers, and any enterprise that runs macOS endpoints or relies on AI‑based security tooling.
Recommended Actions —
- Ensure LLM‑assisted analysis tools sanitize untrusted input and enforce strict prompt boundaries.
- Add prompt‑injection testing to your continuous security‑testing program and map findings to SOC 2 CC6.1 controls.
- Document the control and evidence‑collection process for audit readiness. Source: https://securityaffairs.com/194256/malware/macos-gaslight-north-korea-linked-malware-that-tries-to-gaslight-the-analyst.html
Technical Notes — C2 uses Telegram Bot API polling, AES‑GCM encryption with a fresh nonce per message, and TLS certificate pinning to bypass proxy inspection. The malicious payload mimics the prompt scaffold of LLM triage harnesses, a novel form of prompt‑injection. Source: same link