[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"branding":3,"analytics":7,"article-macos-malware-hides-fake-ai-prompts-to-stop-security-scans":10,"sections":34},{"siteName":4,"siteTagline":5,"publisherName":4,"contactEmail":6},"The Revision","Tech news, decoded.","editor@therevision.news",{"gaMeasurementId":8,"adsenseClientId":9},"G-ZW2MV82GYR","ca-pub-8533917693782264",{"article":11},{"id":12,"slug":13,"title":14,"dek":15,"body_md":16,"tags_json":17,"published_at":18,"created_at":19,"updated_at":20,"status":21,"review_note":22,"review_notes":23,"image_url":22,"persona_id":22,"persona_name":22,"section":24,"tags":25,"sources":29,"feedback":33,"feedback_at":22,"cost_usd":33,"total_tokens":33},2278,"macos-malware-hides-fake-ai-prompts-to-stop-security-scans","macOS Malware Hides Fake AI Prompts to Stop Security Scans","A newly documented macOS backdoor called Gaslight embeds fake system messages to trick LLM-assisted triage tools into abandoning analysis.","Malware authors have started writing prompt injection attacks aimed at the AI tools defenders use to investigate threats.\n\nSentinelOne published research this week on a macOS strain it named Gaslight. On the surface, it is a routine backdoor: it spreads via phishing, phones home over Telegram, and delivers a second-stage infostealer capable of lifting passwords, cryptocurrency wallet data, and sensitive files. What separates it is a large block of fake Markdown-formatted \"system\" messages embedded directly in the binary. These messages claim things like the analysis environment is out of memory, the AI's authentication token has expired, or that static analysis is unsafe. A human analyst would spot the ruse immediately. An LLM-assisted triage pipeline that treats sample content as trusted input might not.\n\nThe wider implication is that the attack surface for AI-assisted security tooling just expanded in a direction most teams have not defended. Prompt injection is already a documented problem in web apps and email clients, but injecting adversarial instructions into a malware binary itself is a meaningful escalation - it targets the analyst's workflow rather than the end user's machine. As SentinelOne notes, defenders should expect more samples built this way as LLM-assisted reverse engineering becomes routine.\n\nThe fix is architectural, not cosmetic: AI triage pipelines need to treat every byte of a malware sample as untrusted input, fully isolated from anything that could be interpreted as a system instruction. That is standard practice for web input sanitization and it should have been standard here from the start.","[\"security\",\"macos\",\"malware\",\"ai\"]","2026-06-26T13:00:00.000Z","2026-06-26T13:31:28.571Z","2026-06-27T15:37:43.993Z","published",null,[],"security",[24,26,27,28],"macos","malware","ai",[30],{"name":31,"url":32},"TechRadar","https:\u002F\u002Fwww.techradar.com\u002Fpro\u002Fsecurity\u002Fthis-macos-malware-can-avoid-ai-analysis-with-gaslighting-prompts-hidden-inside-its-architecture",0,{"sections":35},[36,40,44,49,54,59,64,69,74,79,84,88,93,98],{"name":37,"slug":28,"count":38,"latest_published_at":39},"AI",2590,"2026-07-16T04:00:00.000Z",{"name":41,"slug":24,"count":42,"latest_published_at":43},"Security",294,"2026-07-15T19:59:48.000Z",{"name":45,"slug":46,"count":47,"latest_published_at":48},"Deals","deals",179,"2026-06-29T20:02:07.000Z",{"name":50,"slug":51,"count":52,"latest_published_at":53},"Policy","policy",158,"2026-07-16T00:02:48.000Z",{"name":55,"slug":56,"count":57,"latest_published_at":58},"Hardware","hardware",122,"2026-07-14T19:46:26.000Z",{"name":60,"slug":61,"count":62,"latest_published_at":63},"Consumer Tech","consumer-tech",93,"2026-07-13T13:20:48.000Z",{"name":65,"slug":66,"count":67,"latest_published_at":68},"Software","software",70,"2026-07-13T19:52:25.000Z",{"name":70,"slug":71,"count":72,"latest_published_at":73},"Science","science",66,"2026-07-10T10:29:37.000Z",{"name":75,"slug":76,"count":77,"latest_published_at":78},"Dev Tools","dev-tools",59,"2026-07-07T04:00:00.000Z",{"name":80,"slug":81,"count":82,"latest_published_at":83},"Gaming","gaming",41,"2026-07-09T04:00:00.000Z",{"name":85,"slug":86,"count":82,"latest_published_at":87},"Startups","startups","2026-06-29T20:55:50.000Z",{"name":89,"slug":90,"count":91,"latest_published_at":92},"General","general",29,"2026-07-10T22:28:58.000Z",{"name":94,"slug":95,"count":96,"latest_published_at":97},"Reviews","reviews",20,"2026-06-24T12:00:01.000Z",{"name":99,"slug":100,"count":101,"latest_published_at":102},"How-To","how-to",6,"2026-06-16T09:00:00.000Z"]