SentinelOne says it has identified a Rust-based macOS implant dubbed macOS.Gaslight that uses Telegram as a remote-control channel and, alongside data theft, carries a prompt-injection capability designed to disrupt LLM-assisted malware analysis.
June 2026 · SentinelLABS Analysis
macOS.Gaslight: Malware That Targets the Analyst's AI, Not the Sandbox
A Rust-based macOS backdoor embeds 38 fake "system" messages to gaslight the LLM-assisted triage pipelines analysts now rely on — convincing the AI its own session is collapsing so it aborts or refuses. Attributed with high confidence to the DPRK-linked BONZAI cluster.
38
fake "system" messages crafted to deceive the LLM
~3.5KB
single Markdown block holding the injection cascade
0
static-engine detections at first VirusTotal upload
A Cascade That Dwarfs Prior Injection Tricks
Number of injected "system" messages mimicking a triage harness
1
single-block
Earlier injections used a single block. Gaslight scales it into a session-collapse story — expired tokens, out-of-memory, disk exhaustion, repeated failures and fake flags.
The Attack on Perception
Analyst feeds sample to LLM triage
→
Embedded fake "system" messages read as real errors
→
LLM aborts, refuses or truncates output
Traditional malware evades the sandbox. Gaslight attacks the analyst's perception — manipulating the AI layer instead of the runtime.
Technical Profile
Language
Rust (ad hoc signed)
C2 Channel
Telegram Bot API polling
Encryption
AES-GCM + cert pinning
Persistence
LaunchAgent (com.apple.* spoof)
Attribution
DPRK BONZAI cluster (high conf.)
Detection
XProtect · MACOS_BONZAI_COBUCH
Why It Stands Out
First state-sponsored case seen directly targeting AI analysis pipelines. Self-staging standalone CPython and runtime self-deletion of the bot token are considered novel.
The Defensive Gap
Defenders must treat sample content as adversarial input. As LLM triage spreads, output-manipulation techniques are expected to proliferate — a new layer of sanitization is needed.
Continue reading The rest of this article is for AI News Blitz readers. Choose an option below to keep reading.
Already purchased? Sign in ✓ Signed in — this article isn’t included in your current plan.Unlocking the full article…