A new macOS malware, dubbed Gaslight, has emerged, employing advanced techniques to evade detection by AI-based security systems. Written in Rust and linked to North Korean cyber actors, Gaslight not only exfiltrates sensitive data but also actively disrupts automated analysis tools.
Apple responded promptly by updating its XProtect malware detection system in early June to specifically target this threat. By June 30, twenty-nine security vendors had flagged the malware on VirusTotal. However, the adaptable nature of Gaslight’s code allows attackers to modify it, potentially bypassing existing detection mechanisms.
Researchers at Moonlock have been monitoring this campaign, noting its alignment with broader North Korean operations targeting Mac users. These campaigns often involve attackers masquerading as recruiters, game developers, or software testers to deceive victims into downloading malicious files.
Gaslight’s Data Exfiltration Capabilities
Once installed, Gaslight can extract data from browsers such as Chrome, Brave, Firefox, and Safari. It also retrieves terminal command histories, lists installed applications, and copies the encrypted keychain file that stores macOS passwords. Additionally, Gaslight functions as a backdoor, enabling attackers to execute commands or deploy further payloads on compromised systems.
Innovative Evasion Through Prompt Injection
Gaslight’s standout feature is its use of prompt injection to evade AI-based security analysis. The malware embeds thirty-eight fabricated system messages as plain text, mimicking the format used by AI security tools during scans. These messages include phrases like “token logic seems flaky,” “connection timeout,” and “Crash,” aiming to mislead AI agents into terminating their analysis prematurely.
While the AI systems themselves remain uncompromised, Gaslight exploits their text interpretation processes. This technique, previously considered theoretical, poses a significant challenge to automated Mac threat detection tools increasingly utilized in enterprise environments.
Technical Composition of Gaslight
Despite its compact size of 2.24 MB, Gaslight is feature-rich. It utilizes Serde, a legitimate Rust framework, to load configuration data governing its modules. Embedded within is a 6.6 KB Python script, encoded in base64, responsible for data theft. A separate 2 KB bash installer downloads and executes this script from the attackers’ servers.
For command and control, Gaslight employs a Telegram bot, encrypted with AES-GCM, facilitating secure communication between the malware and its operators.
The emergence of Gaslight underscores the evolving sophistication of macOS malware and the challenges in detecting threats that manipulate AI-based security tools. This development highlights the need for continuous adaptation in cybersecurity strategies to address novel evasion techniques.