{"id":237505,"date":"2026-06-26T03:55:08","date_gmt":"2026-06-26T07:55:08","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/06\/26\/macos-backdoor-uses-prompt-injection-to-evade-ai-triage\/"},"modified":"2026-06-26T03:55:16","modified_gmt":"2026-06-26T07:55:16","slug":"macos-backdoor-uses-prompt-injection-to-evade-ai-triage","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/06\/26\/macos-backdoor-uses-prompt-injection-to-evade-ai-triage\/","title":{"rendered":"macOS Backdoor Uses Prompt Injection to Evade AI Triage"},"content":{"rendered":"<p><a href=\"https:\/\/www.infosecurity-magazine.com\/news\/macos-gaslight-rust-backdoor\/\">macOS Backdoor Uses Prompt Injection to Evade AI Triage<\/a><\/p>\n<p><a href=\"https:\/\/www.infosecurity-magazine.com\/news\/macos-gaslight-rust-backdoor\/\">https:\/\/www.infosecurity-magazine.com\/news\/macos-gaslight-rust-backdoor\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-06-25 02:48:35<\/a><\/p>\n<p>Source Domain: <a href=\"www.infosecurity-magazine.com\">www.infosecurity-magazine.com<\/a><\/p>\n<h3>Summary:<\/h3>\n<p>A sophisticated North Korea-linked macOS backdoor, named macOS.Gaslight by SentinelOne&#8217;s research arm, SentinelLabs, has been identified exploiting a novel form of attack that undermines AI-assisted malware triage operations. The backdoor uses prompt injection techniques to deliver 38 fabricated system messages crafted to mimic an AI tool\u2019s internal structure, causing it to abort or refuse analysis. This marks a shift from traditional attempts to detect sandbox environments to directly targeting and manipulating the researcher&#8217;s AI tools using advanced deception tactics. Underpinning the injection is a comprehensive infostealer designed to collect sensitive data from various internet browsers and applications, alongside a backdoor that communicates securely through Telegram\u2019s Bot API to evade detection. SentinelLabs warns of an increasing trend where attackers will likely manipulate artificial intelligence detections to bypass traditional security measures, stressing the need for greater vigilance among researchers.<\/p>\n<h3>Key Points:<\/h3>\n<ul>\n<li><strong>Prompt Injection Targeting AI Tools:<\/strong> The malware, macOS.Gaslight, attempts to derail AI-assisted security analysis by injecting fabricated messages designed to mimic AI tool internal signals.<\/li>\n<li><strong>North Korean Links:<\/strong> SentinelLabs attributes the attack with high confidence to North Korean operatives through Apple&#8217;s XProtect and other intelligence sources.<\/li>\n<li><strong>In-depth Data Harvesting:<\/strong> The malware includes a robust infostealer capable of extracting a wide range of data from different browsers and applications on a macOS system.<\/li>\n<li><strong>Advanced Stealth Techniques:<\/strong> The malware ensures concealment in transit via Telegram\u2019s Bot API using encryption and certificate pinning.<\/li>\n<li><strong>Warning on AI Exploitation:<\/strong> SentinelLabs emphasizes the need for security professionals to treat triage inputs as adversarial and remain vigilant against future AI manipulation attempts.<\/li>\n<\/ul>\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>macOS Backdoor Uses Prompt Injection to Evade AI Triage https:\/\/www.infosecurity-magazine.com\/news\/macos-gaslight-rust-backdoor\/ Publish Date: 2026-06-25 02:48:35 Source&#8230;<\/p>\n","protected":false},"author":1,"featured_media":237506,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/assets.infosecurity-magazine.com\/webpage\/og\/17040ed3-8b8a-4f07-a3a7-c6185869fbe9.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[26,20,36,32],"class_list":["post-237505","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-ai","tag-artificial-intelligence","tag-infostealer","tag-malware"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/237505"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=237505"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/237505\/revisions"}],"predecessor-version":[{"id":237510,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/237505\/revisions\/237510"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/237506"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=237505"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=237505"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=237505"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}