macOS Backdoor Uses Prompt Injection to Evade AI Triage
SentinelLabs found a North Korea-linked macOS backdoor using prompt injection on AI triage tools
Stay ahead of threats with the latest on evasion techniques in infosec. Insights on how attackers bypass defenses and updates on countermeasures.
Search across headline titles and summaries.
Background for this topic.
Evasion is the deliberate concealment or modification of malicious code, commands, traffic, or behavior to bypass security controls and avoid detection. Common examples include code obfuscation, encrypted or rapidly changing payloads, abuse of trusted system tools, and disguising command-and-control traffic as ordinary network activity. It can target antivirus signatures, email and web filters, endpoint monitoring, or analysts investigating suspicious activity.
Successful evasion can reduce visibility, delay detection, and allow unauthorized activity to continue, although it may still leave behavioral or operational evidence. Mitigation should combine signature detection with behavior-based analytics and reliable endpoint, identity, and network telemetry. Restricting unnecessary scripting and administrative tools, applying application controls, and protecting centralized logs make abuse harder and preserve evidence. During investigations, examine process ancestry, unusual tool use, persistence changes, and deviations from expected user or host behavior rather than relying solely on file hashes or other easily changed indicators.
Weekly headline count for the current query.
SentinelLabs found a North Korea-linked macOS backdoor using prompt injection on AI triage tools
A threat actor used AI coding tools to build and test EDR evasion malware, Sophos finds
A new Gremlin stealer variant has evolved into a modular toolkit with advanced evasion and data theft capabilities, according to new Unit 42 research
Deep#Door Python RAT uses tunneling and obfuscation to evade detection and steal credentials
Hastalamuerte leaks The Gentlemen RaaS ops: FortiGate exploits, BYOVD evasion, Qilin split tactics
Ariomex database reveals potential sanctions evasion and capital transfers tied to Iranian actors
New Remcos RAT variant enhances real-time surveillance and evasion techniques to compromise Windows
Cisco Talos has detected new tactics from a financially motivated actor using DeadLock ransomware
Google warns of “just-in-time AI” malware using LLMs to evade detection and generate malicious code on-demand
New Android RAT Klopatra is targeting financial institutions using advanced evasion techniques
HP Wolf has reported the use of multiple, uncommon binaries and novel uses of legitimate image files in recent malicious campaigns
Phishing campaign unveiled MostereRAT, targeting Windows systems with advanced evasion techniques
Cybercriminals are using AI cloaking tools to evade detection, disguising phishing and malware sites
The company behind AV/EDR evasion tool Shellter has confirmed the product is being used by threat actors
ClickFix techniques are enabling threat actors to bypass defenses using tools like MSHTA, says ReliaQuest
A new malware campaign targeting Windows and Linux systems has been identified, deploying tools for evasion and credential theft
Fortinet has identified a new Windows RAT operating stealthily on compromised systems with advanced evasion techniques
ResolverRAT targets healthcare organizations using advanced evasion techniques and social engineering
Newly identified CoffeeLoader uses multiple evasion techniques and persistence mechanisms to deploy payloads and bypass endpoint security
Threat actors are exploiting cloud platforms like Adobe and Dropbox to evade email gateways and steal credentials