A new Linux malware called Koske, which hides behind seemingly innocent JPEG images of pandas, appears to have been developed using artificial intelligence, BleepingComputer reports.
AquaSec researchers believe that Koske was shaped using automation frameworks or large language models. It deploys GPU- and CPU-optimized cryptocurrency miners that use the host's processing power to mine more than 18 different coins, including Tari, Monero, Zano, Ravencoin, and Nexa. The attackers gain initial access by exploiting misconfigured JupyterLab instances exposed online, allowing them to execute commands remotely. They then retrieve two JPEG images of panda bears from legitimate hosting platforms such as Postimage, OVH Images, and Freeimage. These images are polyglot files that conceal malicious code. Such a file shows only a panda to an unsuspecting user but also contains an executable script that allows the attacker to run arbitrary commands. AquaSec cautions that future iterations may take advantage of real-time adaptability and become a more dangerous class of threats.
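A defender can check downloaded images for this kind of polyglot by finding where the JPEG really ends and inspecting what follows. The sketch below is an added example, not code from the article or from AquaSec; it assumes the script is appended after the JPEG end-of-image marker (the article does not say where the code sits), and the function names and sample bytes are constructed for illustration.

```python
import struct

def jpeg_end_offset(data: bytes) -> int:
    """Walk JPEG segments and return the offset just past the real EOI marker."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI marker)")
    i = 2
    while i + 1 < len(data):
        if data[i] != 0xFF:
            raise ValueError(f"expected a marker at offset {i}")
        marker = data[i + 1]
        if marker == 0xFF:                       # fill byte before a marker
            i += 1
        elif marker == 0xD9:                     # EOI: the image ends here
            return i + 2
        elif marker == 0x01 or 0xD0 <= marker <= 0xD7:   # markers with no length
            i += 2
        else:
            if i + 4 > len(data):
                break
            (seglen,) = struct.unpack(">H", data[i + 2:i + 4])
            i += 2 + seglen                      # skip the whole segment
            if marker == 0xDA:                   # SOS: skip entropy-coded scan data
                while i + 1 < len(data) and not (
                        data[i] == 0xFF and data[i + 1] != 0x00
                        and not 0xD0 <= data[i + 1] <= 0xD7):
                    i += 1
    raise ValueError("truncated JPEG (no EOI marker)")

def inspect_jpeg(data: bytes) -> dict:
    """Report what follows the image; a script-like trailer deserves triage."""
    trailer = data[jpeg_end_offset(data):]
    printable = sum(32 <= b < 127 or b in (9, 10, 13) for b in trailer)
    return {
        "trailing_bytes": len(trailer),
        "shebang": trailer.lstrip(b"\x00\r\n\t ").startswith(b"#!"),
        "mostly_text": bool(trailer) and printable / len(trailer) > 0.9,
    }

def segment(marker: int, payload: bytes) -> bytes:
    return b"\xff" + bytes([marker]) + struct.pack(">H", len(payload) + 2) + payload

# Constructed sample bytes (JPEG structure only, not a viewable picture).
CLEAN = (b"\xff\xd8"
         + segment(0xE1, b"Exif\x00\x00\xff\xd8\xff\xd9")   # thumbnail-style inner EOI
         + segment(0xDA, b"\x01\x01\x00\x00\x3f\x00")
         + b"\x12\xff\x00\x34\xff\xd0\x56" + b"\xff\xd9")
POLYGLOT = CLEAN + b"\n#!/bin/sh\n# constructed placeholder, no commands\n"
```

Walking the segments matters because a plain search for the end-of-image bytes stops at the embedded thumbnail marker inside the metadata segment. Trailing bytes alone are a triage signal; a shebang or mostly-text trailer is the stronger indicator.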




