- Hackers seen targeting misconfigured JupyterLab instances
- They host malware in polyglot files on image-sharing sites
- The Koske malware mines different cryptocurrency tokens
Security researchers recently discovered a new piece of Linux malware that hides in images of cute animals.
Cybersecurity experts at Aquasec recently found a piece of malware called Koske circulating on the web. It relies on polyglot files: files that can be read and processed differently depending on the type of program that opens them.
Apparently, the threat actors targeted JupyterLab instances that were exposed to the internet and misconfigured in a way that allows remote command execution. After finding and accessing such endpoints, the attackers would pull .JPEG files from legitimate image-hosting services such as OVH, freeimage or postimage. The images were AI-generated pictures of panda bears, harmless at first glance.
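A defensive check for the polyglot images described above, as an added example that is not code from Aquasec or the original article: it walks the JPEG marker structure and reports any bytes that follow the end-of-image marker. It assumes the simplest polyglot layout, with content appended after the image data (the article does not describe Koske's exact layout); the function names and sample bytes are constructed for illustration.

```python
STANDALONE = {0x01, *range(0xD0, 0xD8)}  # TEM and RST0-7 carry no length field

def jpeg_end(data: bytes) -> int:
    """Walk the JPEG marker structure; return the offset just past EOI."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI marker)")
    i = 2
    while i + 1 < len(data):
        if data[i] != 0xFF:
            raise ValueError(f"expected a marker at offset {i}")
        marker = data[i + 1]
        if marker == 0xFF:              # fill byte before a marker
            i += 1
            continue
        i += 2
        if marker == 0xD9:              # EOI: the image ends here
            return i
        if marker in STANDALONE:
            continue
        length = int.from_bytes(data[i:i + 2], "big")
        if length < 2:
            raise ValueError(f"bad or truncated segment at offset {i}")
        i += length                     # also skips thumbnails embedded in APPn
        if marker == 0xDA:              # SOS: entropy-coded data follows
            while i + 1 < len(data) and not (
                    data[i] == 0xFF and data[i + 1] != 0x00
                    and not 0xD0 <= data[i + 1] <= 0xD7):
                i += 1                  # FF00 is a stuffed byte, FFD0-D7 restarts
    raise ValueError("no EOI marker found")

def inspect_image(data: bytes) -> dict:
    """Report what, if anything, follows the end of the image."""
    end = jpeg_end(data)
    trailer = data[end:].lstrip(b"\x00\r\n\t ")
    printable = sum(32 <= b < 127 or b in (9, 10, 13) for b in trailer)
    return {"image_bytes": end,
            "trailing_bytes": len(data) - end,
            "trailer_is_text": bool(trailer) and printable / len(trailer) > 0.9,
            "trailer_has_shebang": trailer.startswith(b"#!")}

# Constructed samples: a structurally valid (not decodable) JPEG skeleton,
# alone and with a harmless constructed text trailer appended after EOI.
CLEAN = (b"\xff\xd8" b"\xff\xe0\x00\x10JFIF\x00" + bytes(9)
         + b"\xff\xda\x00\x04\x00\x00" b"\x12\xff\x00\x34\xff\xd0\x56" b"\xff\xd9")
POLYGLOT = CLEAN + b"\n#!/bin/sh\necho constructed-trailer\n"

if __name__ == "__main__":
    for name, blob in (("clean", CLEAN), ("polyglot", POLYGLOT)):
        print(name, inspect_image(blob))
```

Some legitimate encoders also append data after the end-of-image marker, so a non-empty trailer is a triage signal; a text or shebang trailer on an image fetched by a server process deserves a closer look.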
Serbian hackers?
When run through a script interpreter, the images turn into CPU- and GPU-optimized cryptocurrency miners that use the server's resources to generate more than 18 types of cryptocurrency tokens.
Cryptocurrency “mining” is essentially the process of supporting a blockchain network. In exchange for lending electricity, internet and computing power to support the network, users receive cryptocurrency tokens whose value depends on different things, such as the number of users, the number of tokens in circulation and the cost of mining.
Mining cryptocurrency this way generates relatively little profit for the attackers, some researchers said, while it runs up huge costs for the victims: cloud computing power and electricity are often quite expensive.
Aquasec could not definitively attribute the malware to a specific group, but said that it found Serbia-based IP addresses used in the attacks, Serbian phrases in the scripts and the Slovak language in the GitHub repository that hosts the miners.
In that context, the name of the malware would make sense, since the word “koske” in colloquial or dialectal form means “bones.”
Researchers believe that, in addition to the images, the malware itself was written with the help of large language models (LLMs) or automation frameworks.
Via BleepingComputer