# [HIGH] New Gaslight macOS Malware Uses Prompt Injection to Disrupt AI-Assisted Analysis **Source:** The Hacker News **Published:** 2026-06-25 **Article:** https://thehackernews.com/2026/06/new-gaslight-macos-malware-uses-prompt.html ## Threat Profile New Gaslight macOS Malware Uses Prompt Injection to Disrupt AI-Assisted Analysis  Ravie Lakshmanan  Jun 25, 2026 AI Security / Malware A previously undocumented Rust-based macOS implant and information stealer has been found to embed a prompt injection payload designed to trick a malware analyst's artificial intelligence (AI) tools and trick it into aborting or refusing an analysis of the artifact. The malware has been codenamed Gaslight owing to this deceptive behavior. It's been assessed w… ## Indicators of Compromise (high-fidelity only) - **SHA256:** `6328567511d88fdc2ae0939c5ef17b7a63d2a833881900de018a4f12f4982525` - **SHA256:** `77b4fd46994992f0e57302cfe76ed23c0d90101381d2b89fc2ddf5c4536e77ca` - **SHA256:** `baabf249c77bc54c54ab0e66e15af798bd28aa5b4683554456a8b73ab8741239` - **SHA256:** `b3c56d689414343589f38394d19ba2fe9a518133281200faa0556ba4e4136394` ## MITRE ATT&CK Techniques - **T1071.001** — Web Protocols - **T1071.004** — DNS - **T1539** — Steal Web Session Cookie - **T1555.003** — Credentials from Web Browsers - **T1027** — Obfuscated Files or Information - **T1543.001** — Create or Modify System Process: Launch Agent - **T1036.005** — Masquerading: Match Legitimate Name or Location - **T1059.006** — Command and Scripting Interpreter: Python - **T1059.004** — Command and Scripting Interpreter: Unix Shell - **T1105** — Ingress Tool Transfer - **T1102.002** — Web Service: Bidirectional Communication - **T1071.001** — Application Layer Protocol: Web Protocols - **T1560.001** — Archive Collected Data: Archive via Utility - **T1074.001** — Data Staged: Local Data Staging - **T1119** — Automated Collection - **T1555.001** — Credentials from Password Stores: Keychain ## Kill chain phases observed _(none detected from narrative keywords)_ ## Recommended hunts ### Gaslight macOS LaunchAgent persistence spoofing 'com.apple.system.services.activity' `UC_12_3` · phase: **install** · confidence: **High** · AI-generated for this article **Splunk SPL (CIM):** ```spl | tstats `summariesonly` count min(_time) as firstTime max(_time) as lastTime from datamodel=Endpoint.Filesystem where Filesystem.file_path="*/Library/LaunchAgents/*" Filesystem.file_name="com.apple.system.services.activity.plist" by Filesystem.dest Filesystem.file_path Filesystem.file_name Filesystem.process_name | `drop_dm_object_name(Filesystem)` | convert ctime(firstTime) ctime(lastTime) ``` **Defender KQL:** ```kql DeviceFileEvents | where Timestamp > ago(30d) | where FolderPath has "/Library/LaunchAgents/" | where FileName =~ "com.apple.system.services.activity.plist" or FolderPath has "com.apple.system.services.activity" | where InitiatingProcessFileName !in~ ("launchd","cfprefsd","installer","Installer") | project Timestamp, DeviceName, InitiatingProcessAccountName, InitiatingProcessFileName, InitiatingProcessFolderPath, InitiatingProcessCommandLine, FolderPath, FileName, SHA256 | order by Timestamp desc ``` ### Gaslight standalone CPython 3.10.18 interpreter staged from python-build-standalone `UC_12_4` · phase: **install** · confidence: **High** · AI-generated for this article **Splunk SPL (CIM):** ```spl | tstats `summariesonly` count min(_time) as firstTime max(_time) as lastTime from datamodel=Endpoint.Processes where (Processes.process_path="*cpython-3.10.18*" OR Processes.process="*cpython-3.10.18*" OR Processes.process="*python-build-standalone*") by Processes.dest Processes.user Processes.parent_process_name Processes.process_name Processes.process | `drop_dm_object_name(Processes)` | convert ctime(firstTime) ctime(lastTime) ``` **Defender KQL:** ```kql DeviceProcessEvents | where Timestamp > ago(30d) | where FolderPath has "cpython-3.10.18" or ProcessCommandLine has_any ("cpython-3.10.18","python-build-standalone") | project Timestamp, DeviceName, AccountName, InitiatingProcessFileName, InitiatingProcessFolderPath, InitiatingProcessCommandLine, FileName, FolderPath, ProcessCommandLine, SHA256 | order by Timestamp desc ``` ### Gaslight Telegram Bot API getUpdates C2 polling from non-browser macOS process `UC_12_5` · phase: **c2** · confidence: **Medium** · AI-generated for this article **Splunk SPL (CIM):** ```spl | tstats `summariesonly` count min(_time) as firstTime max(_time) as lastTime values(All_Traffic.dest_port) as dest_ports from datamodel=Network_Traffic.All_Traffic where All_Traffic.dest="api.telegram.org" NOT (All_Traffic.process_name IN ("Telegram","Safari","Google Chrome","firefox","Brave Browser")) by All_Traffic.src All_Traffic.process_name All_Traffic.dest | `drop_dm_object_name(All_Traffic)` | where count > 5 | convert ctime(firstTime) ctime(lastTime) ``` **Defender KQL:** ```kql DeviceNetworkEvents | where Timestamp > ago(7d) | where RemoteUrl has "api.telegram.org" | where InitiatingProcessFileName !in~ ("Telegram","Telegram Desktop","Safari","Google Chrome","firefox","Brave Browser","com.apple.WebKit.Networking","nsurlsessiond") | summarize ConnCount=count(), FirstSeen=min(Timestamp), LastSeen=max(Timestamp), Ports=make_set(RemotePort) by DeviceName, InitiatingProcessFileName, InitiatingProcessFolderPath, RemoteUrl | where ConnCount > 5 | order by ConnCount desc ``` ### Gaslight collection archive temp/collected_data.zip staged for Telegram exfiltration `UC_12_6` · phase: **actions** · confidence: **High** · AI-generated for this article **Splunk SPL (CIM):** ```spl | tstats `summariesonly` count min(_time) as firstTime max(_time) as lastTime from datamodel=Endpoint.Filesystem where Filesystem.file_name="collected_data.zip" by Filesystem.dest Filesystem.file_path Filesystem.file_name Filesystem.process_name | `drop_dm_object_name(Filesystem)` | convert ctime(firstTime) ctime(lastTime) ``` **Defender KQL:** ```kql DeviceFileEvents | where Timestamp > ago(30d) | where ActionType in ("FileCreated","FileModified","FileRenamed") | where FileName =~ "collected_data.zip" or FolderPath endswith "temp/collected_data.zip" | project Timestamp, DeviceName, InitiatingProcessAccountName, InitiatingProcessFileName, InitiatingProcessFolderPath, InitiatingProcessCommandLine, FolderPath, FileName, FileSize, SHA256 | order by Timestamp desc ``` ### Gaslight credential theft: macOS keychain + Chrome/Brave/Firefox/Safari store access `UC_12_7` · phase: **actions** · confidence: **Medium** · AI-generated for this article **Splunk SPL (CIM):** ```spl | tstats `summariesonly` count min(_time) as firstTime max(_time) as lastTime from datamodel=Endpoint.Processes where (Processes.process="*dump-keychain*" OR Processes.process="*login.keychain-db*" OR Processes.process="*key4.db*" OR Processes.process="*logins.json*" OR Processes.process="*Login Data*") by Processes.dest Processes.user Processes.parent_process_name Processes.process_name Processes.process | `drop_dm_object_name(Processes)` | convert ctime(firstTime) ctime(lastTime) ``` **Defender KQL:** ```kql DeviceProcessEvents | where Timestamp > ago(30d) | where AccountName !endswith "$" | where (FileName =~ "security" and ProcessCommandLine has_any ("dump-keychain","find-generic-password","find-internet-password")) or ProcessCommandLine has_any ("login.keychain-db","key4.db","logins.json","Login Data") | where InitiatingProcessFolderPath has "cpython-3.10.18" or InitiatingProcessFileName has_any ("python3","python3.10","bash","sh","zsh") or FileName =~ "security" | project Timestamp, DeviceName, AccountName, InitiatingProcessFileName, InitiatingProcessFolderPath, InitiatingProcessCommandLine, FileName, ProcessCommandLine | order by Timestamp desc ``` ### Beaconing — periodic outbound to small set of destinations `UC_BEACONING` · phase: **c2** · confidence: **Medium** **Splunk SPL (CIM):** ```spl | tstats `summariesonly` count, values(All_Traffic.dest_port) AS ports from datamodel=Network_Traffic.All_Traffic where All_Traffic.action="allowed" AND All_Traffic.dest_category!="internal" by _time span=10s, All_Traffic.src, All_Traffic.dest | `drop_dm_object_name(All_Traffic)` | streamstats current=f last(_time) AS prev_time by src, dest | eval delta = _time - prev_time | stats avg(delta) AS avg_delta stdev(delta) AS sd_delta count by src, dest | where count > 30 AND sd_delta < 5 AND avg_delta>=30 AND avg_delta<=600 | sort - count ``` **Defender KQL:** ```kql DeviceNetworkEvents | where Timestamp > ago(1d) | where RemoteIPType == "Public" and ActionType == "ConnectionSuccess" | project DeviceName, RemoteIP, RemotePort, Timestamp | sort by DeviceName asc, RemoteIP asc, RemotePort asc, Timestamp asc | extend prev_dev = prev(DeviceName, 1), prev_ip = prev(RemoteIP, 1), prev_port = prev(RemotePort, 1), prev_ts = prev(Timestamp, 1) | where DeviceName == prev_dev and RemoteIP == prev_ip and RemotePort == prev_port | extend delta_sec = datetime_diff('second', Timestamp, prev_ts) | summarize conn_count = count(), avg_delta = avg(delta_sec), stdev_delta = stdev(delta_sec) by DeviceName, RemoteIP, RemotePort | where conn_count > 30 and avg_delta between (30.0 .. 600.0) and stdev_delta < 5.0 | order by conn_count desc ``` ### Infostealer — non-browser process accessing browser cookie/login DBs `UC_BROWSER_STEALER` · phase: **actions** · confidence: **High** **Splunk SPL (CIM):** ```spl | tstats `summariesonly` count min(_time) as firstTime max(_time) as lastTime from datamodel=Endpoint.Filesystem where (Filesystem.file_path="*\Google\Chrome\User Data\*\Login Data*" OR Filesystem.file_path="*\Google\Chrome\User Data\*\Cookies*" OR Filesystem.file_path="*\Microsoft\Edge\User Data\*\Login Data*" OR Filesystem.file_path="*\Mozilla\Firefox\Profiles\*\logins.json*" OR Filesystem.file_path="*\Mozilla\Firefox\Profiles\*\cookies.sqlite*") AND NOT Filesystem.process_name IN ("chrome.exe","msedge.exe","firefox.exe","brave.exe","opera.exe") by Filesystem.dest, Filesystem.process_name, Filesystem.file_path, Filesystem.user | `drop_dm_object_name(Filesystem)` ``` **Defender KQL:** ```kql DeviceFileEvents | where Timestamp > ago(7d) | where InitiatingProcessAccountName !endswith "$" | where FolderPath has_any (@"\Google\Chrome\User Data\", @"\Microsoft\Edge\User Data\", @"\Mozilla\Firefox\Profiles\") | where FileName in~ ("Login Data","Cookies","logins.json","cookies.sqlite") | where InitiatingProcessFileName !in~ ("chrome.exe","msedge.exe","firefox.exe","brave.exe","opera.exe") | project Timestamp, DeviceName, InitiatingProcessAccountName, InitiatingProcessFileName, FolderPath, FileName, ActionType ``` ### IOC-driven hunts (use shared templates) These are standard IOC-substitution hunts — the canonical SPL and KQL live once in [`_TEMPLATES.md`](../_TEMPLATES.md), so we don't repeat the same boilerplate on every CVE / hash / network-IOC briefing. - **File hash IOCs — endpoint file/process match** ([template](../_TEMPLATES.md#hash-ioc)) — phase: **install**, confidence: **High** - file hash IOC(s): `6328567511d88fdc2ae0939c5ef17b7a63d2a833881900de018a4f12f4982525`, `77b4fd46994992f0e57302cfe76ed23c0d90101381d2b89fc2ddf5c4536e77ca`, `baabf249c77bc54c54ab0e66e15af798bd28aa5b4683554456a8b73ab8741239`, `b3c56d689414343589f38394d19ba2fe9a518133281200faa0556ba4e4136394` ## Why this matters Severity classified as **HIGH** based on: IOCs present, 8 use case(s) fired, 16 technique(s) inferred. Read the full article for actor attribution, tooling details, and any defanged IOCs in the body that aren't visible in the RSS summary.