Sophisticated Koske Linux Malware Developed With AI Aid
securityweek
Cybercriminals appear to have employed AI to a significant extent in the development of a sophisticated Linux malware named Koske, according to cloud and container security firm Aqua Security.
Koske is designed to abuse compromised systems for cryptocurrency mining. It deploys CPU- and GPU-optimized miners — depending on the device’s capabilities — to leverage the host’s resources to mine for Monero, Ravencoin, Nexa, Tari, Zano and a dozen other cryptocurrencies.
In attacks observed by Aqua, the malware has been distributed on misconfigured instances of the JupyterLab web-based development environment.
On compromised systems, the attackers install backdoors and download two apparently harmless JPEG image files.
These files are actually polyglots — when opened, they display an image of a panda, but they also embed malicious shellcode that fetches additional payloads, including a rootkit.
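As a defender's check for the polyglot files described above, this added example (not code from the article or from Aqua) walks a JPEG's marker segments to the end-of-image marker and returns whatever bytes follow it. It assumes the extra content sits after the image data, which the article does not specify; the function name and the sample bytes are constructed for illustration.

```python
import struct

# Markers that carry no length field: TEM and RST0-RST7.
STANDALONE = {0x01, *range(0xD0, 0xD8)}

def jpeg_trailing_data(data: bytes):
    """Return the bytes after the JPEG EOI marker (b"" if none).

    Returns None when the input is not a structurally complete JPEG.
    """
    if data[:2] != b"\xff\xd8":            # must start with SOI
        return None
    pos = 2
    while pos + 1 < len(data):
        if data[pos] != 0xFF:
            return None                    # a marker was expected here
        marker = data[pos + 1]
        if marker == 0xFF:                 # fill byte before a marker
            pos += 1
            continue
        pos += 2
        if marker == 0xD9:                 # EOI: the image ends here
            return data[pos:]
        if marker in STANDALONE:
            continue
        if pos + 2 > len(data):
            return None
        (length,) = struct.unpack(">H", data[pos:pos + 2])
        if length < 2 or pos + length > len(data):
            return None                    # truncated or corrupt segment
        pos += length                      # skip payload without scanning it
        if marker == 0xDA:                 # SOS: entropy-coded data follows
            while pos + 1 < len(data):
                nxt = data[pos + 1]
                if data[pos] == 0xFF and nxt != 0x00 and not 0xD0 <= nxt <= 0xD7:
                    break                  # a real marker, not stuffing or RSTn
                pos += 1
    return None                            # ran out of data before EOI

# Constructed, structurally minimal sample (not a decodable picture).
# The APP0 payload deliberately contains FF D9 to defeat a naive byte search.
CLEAN = (b"\xff\xd8" + b"\xff\xe0\x00\x06\xff\xd9AB" + b"\xff\xda\x00\x04\x00\x00"
         + b"\x12\xff\x00\x34\xff\xd0\x56" + b"\xff\xd9")
TRAILER = b"CONSTRUCTED-TRAILING-BYTES"
POLYGLOT = CLEAN + TRAILER

if __name__ == "__main__":
    for name, blob in (("clean", CLEAN), ("polyglot", POLYGLOT)):
        extra = jpeg_trailing_data(blob)
        print(f"{name}: {len(extra)} trailing byte(s) after EOI")
```

Trailing bytes are a triage signal rather than proof of malice, since some cameras and editors also append data after the end-of-image marker.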
Aqua researchers believe Koske’s development has been significantly aided by AI. They believe the malware’s developers have ...
Copyright of this story solely belongs to securityweek.