{"id":4114,"date":"2025-07-25T12:47:44","date_gmt":"2025-07-25T12:47:44","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=4114"},"modified":"2025-07-25T12:47:44","modified_gmt":"2025-07-25T12:47:44","slug":"ai-forged-panda-images-hide-persistent-cryptomining-malware-koske","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=4114","title":{"rendered":"AI-forged panda images hide persistent cryptomining malware \u2018Koske\u2019"},"content":{"rendered":"<div>\n<div class=\"grid grid--cols-10@md grid--cols-8@lg article-column\">\n<div class=\"col-12 col-10@md col-6@lg col-start-3@lg\">\n<div class=\"article-column__content\">\n<div class=\"container\"><\/div>\n<p>A new malware strain named \u2018Koske\u2019 is delivering crypto-mining payloads through dropper files posing as benign panda pictures.<\/p>\n<p>According to Aqua Nautilus, the cybersecurity team at Aqua Security, the malware likely uses AI assistance, as its code appears shaped by large language models (LLMs).<\/p>\n<p>\u201cKoske, a sophisticated Linux threat, shows clear signs of AI-assisted development, like with help from a large language model,\u201d Aqua researcher Assaf Morag wrote in a blog post. \u201cIt represents a new breed of persistent and adaptable malware built for one purpose: cryptomining.\u201d<\/p>\n<p>The AI-assisted malware features advanced capabilities, including modular payloads, evasive <a href=\"https:\/\/www.csoonline.com\/article\/3624326\/puma-creeps-through-linux-with-a-stealthy-rootkit-attack.html\">rootkits<\/a>, and delivery through weaponized image files.<\/p>\n<h2 class=\"wp-block-heading\">Initial access and delivery via panda images<\/h2>\n<p>The campaign begins with attackers exploiting a misconfigured JupyterLab instance, allowing them to download two images from a shortened URL. 
These files are polyglot JPEGs, essentially regular pictures with appended payloads.<\/p>\n<p>\u201cThe initial access is achieved by exploitation of a misconfigured JupyterLab instance from a Serbian IP address 178.220.112.53 origin,\u201d Morag <a href=\"https:\/\/www.aquasec.com\/blog\/ai-generated-malware-in-panda-image-hides-persistent-linux-threat\/\" target=\"_blank\" rel=\"noopener\">said<\/a>. Aqua\u2019s research did not cite a specific CVE or configuration flaw, noting that the focus is primarily on post-exploitation behavior and payload delivery.<\/p>\n<p>Morag told CSO that the misconfigurations involved unauthenticated JupyterLab instances exposed to the internet, a common but risky practice. He added that weak passwords and known RCE vulnerabilities also contribute to such compromises. \u201cAt the end of the day, we are trying to figure out what the attackers do post-intrusion and not how they got in because they always find ways to get in,\u201d he said.<\/p>\n<p>One such entry point may have been <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-30370\" target=\"_blank\" rel=\"noopener\">CVE-2025-30370<\/a>, a recently disclosed high-severity vulnerability in the JupyterLab-git extension that allows command injection. Such a flaw can give attackers the initial foothold needed to execute the AI-generated payloads hidden within the panda images.<\/p>\n<p>When executed, the panda images extract and execute malicious C code and shell scripts in memory, bypassing traditional antivirus tools and leaving nothing to detect on disk.<\/p>\n<p>\u201cOnly the last bytes are downloaded and executed, making it a sneaky form of polyglot abuse,\u201d Morag added. \u201cIt\u2019s a dual-use file that evades detection by blending image data with executable payloads. 
The initial X bytes are the image itself, while the last part of the file is a shell code aimed to be executed after the main payload is delivered to the targeted system.\u201d<\/p>\n<h2 class=\"wp-block-heading\"><strong>Modular payload for stealth and persistence<\/strong><\/h2>\n<p>Koske employs multiple tactics to stay hidden and persistent. It hijacks hidden configuration files used by the Bash shell to execute a custom system script that maintains communication with the command-and-control (C2) infrastructure for persistence.<\/p>\n<p>Additionally, the rootkit, written in C, hijacks readdir(), a system call for reading directory content, to conceal processes and files named \u201cKoske\u201d or \u201chideproc.\u201d<\/p>\n<p>The malware registers itself as a background service, sets up recurring scheduled tasks, and evades detection by concealing its processes from standard monitoring tools. Its adaptive logic, including proxy-checking routines, an intelligent selection among 18 <a href=\"https:\/\/www.csoonline.com\/article\/1289758\/mirai-based-noabot-botnet-spreads-via-ssh-and-deploys-cryptominer.html\">cryptocurrency miners<\/a>, and fallback behaviors, is likely a borrowed AI function, Morag noted in the blog.<\/p>\n<p>Aqua recommended monitoring unauthorized bash modifications, unexpected DNS rewrites, and using runtime protection telemetry to spot anomalous shell behavior. Additionally, blocking execution of polyglot file payloads and hidden rootkits (with drift prevention) was advised. The blog shared a few indicators of compromise (IOCs), including IP addresses, URLs, and filenames used in the attacks.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>A new malware strain named \u2018Koske\u2019 is delivering crypto-mining payloads through dropper files posing as benign panda pictures. 
According to Aqua Nautilus, the cybersecurity team at Aqua Security, the malware likely uses AI assistance, as its code appears shaped by large language models (LLMs). \u201cKoske, a sophisticated Linux threat, shows clear signs of AI-assisted development, like [&hellip;]<\/p>\n","protected":false},"author":0,"featured_media":4115,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-4114","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/4114"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=4114"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/4114\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/4115"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=4114"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=4114"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=4114"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}