• Home
  • macOS
  • News
  • New macOS Malware Uses Fake Errors to ‘Gaslight’ AI Analysis Tools

New macOS Malware Uses Fake Errors to ‘Gaslight’ AI Analysis Tools

New macOS Malware Uses Fake Errors to ‘Gaslight’ AI Analysis Tools

No matter how you feel about AI, it is definitely making things tougher for Mac antivirus utilities, as it allows the bad actors of the world to make more intelligent malware, according to a report from Bleeping Computer.

While Cybersecurity researchers are increasingly using AI-powered tools to assist with malware analysis and reverse engineering, the publication reports that a newly discovered macOS malware, dubbed “Gaslight,” has the ability to confuse AI-assisted malware analysis tools by hiding prompt injection strings and fake debugging data within the executable.

This allows the malware to “gaslight” the AI-powered anti-malware utilities, which are becoming popular these days, into believing there is an analysis error or another issue, potentially causing the tools to abort their scan or otherwise interfere with the detection and analysis of the malware because they are made to believe that there’s an underlying operational error on the tool’s part.

The fake errors consist largely of fabricated crash reports, developer logs, memory dumps, and other “system” messages, along with tons of other fake errors that target AI detection utilities specifically, including fake expired token warnings and out-of-memory errors.

“Its most notable feature is an embedded cascade of fabricated system-failure messages, designed to make an LLM-assisted triage agent doubt its own session,” explains SentinelOne.

“It attacks the agent’s perception, rather than the sandbox it runs in. Accordingly, we dub this family macOS.Gaslight.”

“It also plants bogus warnings about injection vulnerabilities and static-analysis flags. The aim is to push an LLM agent into aborting, truncating, or refusing analysis.”

The malware itself is an infostealer, designed to steal credentials and other sensitive information from the Mac it has installed itself on, and security firm SentinelOne believes a North Korean state actor is responsible for it.