- Hackers were seen targeting misconfigured JupyterLab instances
- They host malware in polyglot files on image sharing sites
- The Koske malware mines different crypto tokens
Security researchers have recently discovered a new Linux malware hiding in cute animal photos.
Aquasec cybersecurity experts recently found a malware called Koske circulating on the web. It is based on polyglot files – files that can be read and processed differently, depending on the type of program that opens them.
The threat actors apparently targeted JupyterLab instances that were exposed to the internet and misconfigured in a way that allows remote command execution. After finding and accessing these endpoints, the attackers pulled .jpeg files from legitimate image hosting services such as OVH, Freeimage or Postimage. The images were AI-generated panda bears, harmless at first glance.
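A defender-side check for this kind of polyglot, added here as an example and not taken from Aquasec's report: it walks the JPEG marker stream to the end-of-image (EOI) marker and flags anything stored after it. The payload-after-image layout, the signature list and all function names are assumptions, since the page does not describe the file layout.

```python
STANDALONE = {0x01, *range(0xD0, 0xD8)}  # TEM and RST0-7 carry no length field
# Assumed starter list of content that has no business following a picture (not IoCs).
SIGNATURES = {b"#!": "script with shebang", b"\x7fELF": "ELF binary", b"PK\x03\x04": "ZIP archive"}

def jpeg_trailing_data(data: bytes) -> bytes:
    """Return the bytes that follow the JPEG EOI marker (b'' if none)."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 1 < len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:               # fill byte in front of a marker
            pos += 1
            continue
        pos += 2
        if marker == 0xD9:               # EOI: the image ends here
            return data[pos:]
        if marker in STANDALONE:
            continue
        length = int.from_bytes(data[pos:pos + 2], "big")  # includes its own 2 bytes
        if length < 2:
            raise ValueError(f"bad segment length at offset {pos}")
        pos += length                    # skips APPn payloads, embedded thumbnails included
        if marker == 0xDA:               # SOS: entropy-coded data follows the header
            while pos + 1 < len(data):
                nxt = data[pos + 1]      # FF00 is byte stuffing, FFD0-FFD7 are restarts
                if data[pos] == 0xFF and nxt != 0x00 and not 0xD0 <= nxt <= 0xD7:
                    break                # a real marker ends the scan
                pos += 1
    raise ValueError("truncated JPEG: no EOI marker")

def classify(data: bytes) -> str:
    # Padding after EOI is common and harmless, so strip it before judging the tail.
    tail = jpeg_trailing_data(data).lstrip(b"\x00\r\n \t")
    if not tail:
        return "clean"
    for magic, label in SIGNATURES.items():
        if tail.startswith(magic):
            return f"suspicious: {label} after EOI"
    return f"review: {len(tail)} unexplained bytes after EOI"

def sample_jpeg() -> bytes:
    """Constructed marker stream (SOI, APP0, SOS, scan, EOI); not a real picture."""
    app0 = b"\xff\xe0\x00\x10JFIF\x00" + bytes(9)
    sos = b"\xff\xda\x00\x08" + bytes(6)
    scan = b"\x12\xff\x00\x34\xff\xd0\x56"
    return b"\xff\xd8" + app0 + sos + scan + b"\xff\xd9"
```

Walking the segments instead of searching for the last `FF D9` avoids false matches inside embedded thumbnails or inside the appended data itself.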
Serbian hackers?
Thanks to a script interpreter, the images are transformed into CPU- and GPU-optimized cryptocurrency miners, using the server's resources to generate more than 18 types of cryptocurrency tokens.
Cryptocurrency mining is essentially a process of supporting a blockchain network. In exchange for lending electricity, internet and computing power to support the network, users receive cryptocurrency tokens whose value depends on different things such as the number of users, the number of tokens in circulation and the cost of mining.
Mining crypto in this way generates relatively little profit for the attackers, some researchers said, while resulting in enormous costs for the victims – cloud computing power and electricity are often quite expensive.
Aquasec could not definitively attribute the malware to a specific group, but it said that it had found Serbia-based IP addresses used in the attacks, Serbian phrases in the scripts and Slovak language in the GitHub repository hosting the miners.
In this context, the name of the malware would have a certain meaning, because the word “koske” in colloquial or dialectal form means “bone”.
Researchers think that, in addition to the image, the malware itself was written using large language models (LLMs) or automation frameworks.
Via BleepingComputer