MacOS.Gaslight AI-analysis evasion malware

Malware Activity
Happening score
H score 22
1 unique source, 1 article

Summary

The macOS.Gaslight malware family now embeds prompt injection strings and fake system-failure messages to confuse AI-assisted malware analysis tools, risking aborted or truncated triage. The sample is a Rust binary with backdoor and information-stealing functionality, and it contains a 3.5 KB payload with 38 fake system messages meant to mislead automated analysis.

Related Happenings

Gaslight macOS implant with Telegram C2 and prompt-injection payload

Malware Activity
H score 29 First: 25.06.2026 12:23 Last: 25.06.2026 12:23 Sources: 1

About this happening: A **previously undocumented macOS implant** named **Gaslight** combines **Telegram bot API C2**, **persistent shell control**, and **file exfiltration** with a built-in **prompt-i...

MacOS.Gaslight prompt-injection technique aimed at AI-assisted triage

Technical Analysis
H score 23 First: 24.06.2026 17:00 Last: 24.06.2026 17:00 Sources: 1

How related: "Its most notable feature is an embedded cascade of fabricated system-failure messages, designed to make an LLM-assisted triage agent doubt its own session," explains SentinelOne.

About this happening: **macOS.Gaslight** is a **Rust-based macOS implant and information stealer** assessed with high confidence as the work of **North Korea-aligned threat actors**. The sample uses **...

SHub Reaper macOS infostealer variant

Malware Activity
H score 23 First: 19.05.2026 00:42 Last: 19.05.2026 00:42 Sources: 1

About this happening: The **SHub Reaper** macOS infostealer now uses **AppleScript** and a fake **Apple security update** lure to infect Macs, raising the risk of credential theft and remote access. It...

Fast16 Lua-based network worm

Malware Activity
H score 14 First: 27.04.2026 16:09 Last: 27.04.2026 16:09 Sources: 1

About this happening: Researchers identified **fast16**, a previously undocumented **Lua-based network worm** that can silently corrupt high-precision calculations and threaten legacy scientific and en...

Fast16 malware framework technical analysis of svcmgmt.exe and fast16.sys

Technical Analysis
H score 22 First: 27.04.2026 12:10 Last: 27.04.2026 12:10 Sources: 1

About this happening: Researchers uncovered **Fast16**, a **2005-era** malware framework that shows how a **Lua-based** implant could sabotage software years before **Stuxnet**. The analysis matters be...

Timeline

  1. 25.06.2026 19:23 2 articles · 1h ago

    Gaslight macOS malware uses fake system errors to mislead AI analysis tools

    Initial Disclosure

    A newly discovered macOS malware family dubbed Gaslight embeds prompt injection strings and fake debugging data inside a Rust binary to confuse AI-assisted malware analysis tools and LLM-assisted triage agents. The sample includes a 3.5 KB payload with 38 fake system messages, backdoor and information-stealing functionality, and is attributed with high confidence to a North Korean-linked threat actor.
