It is an AI-generated #Linux #malware which was hidden in images with pandas. It supports a wide variety of coinminers for various cryptocurrencies, for GPUs and for different CPU architectures. Another of its components, the #rootkit #hideproc, tries to hide the Koske miner from file listings and process lists.
https://malwarelab.eu/posts/koske-panda-ai/
Video from #anyrun analysis:
https://www.youtube.com/watch?v=1OSPp996XQ4
#koskeminer #coinminer #blueteam #cybersecurity #dfir #malwareanalysis #infosec #reverseengineering
AI-Generated Linux Miner 'Koske' Beats Human Malware
https://www.darkreading.com/threat-intelligence/ai-generated-linux-miner-koske
#Infosec #Security #Cybersecurity #CeptBiro #AIGenerated #LinuxMiner #Koske #BeatsHumanMalware
@BleepingComputer you mention that “AquaSec identified Serbia-based IP addresses used in the attacks, Serbian phrases in the scripts, and Slovak language in the GitHub repository hosting the miners, but it could make no confident attribution.”
In the original blog by AquaSec, they identified the GitHub account “vozstanica” as the Slovak word for “train station”. But this is not true: in the Slovak language, train station is either “vlaková stanica” or “železničná stanica”.
It seems that “vozstation” is incorrectly detected as a Slovak word by Google Translate.
On the other hand, when I search for “vozstation”, there are a few occurrences on websites in the Serbian language. It also correlates with other AquaSec findings, such as Serbian phrases in the AI-generated code and a Serbian IP used in the attack. In their article, the only clue for Slovak is “vozstation”, which is more a Serbian than a Slovak word.
AquaSec has now uncovered a nasty piece of Linux malware whose attack vector involves infected image files: Koske currently spreads via prepared panda bear images that carry a C script with the unpleasant payload. Evidently an LLM helped develop the malware. Brave new AI world.
https://www.aquasec.com/blog/ai-generated-malware-in-panda-image-hides-persistent-linux-threat/