AI-Generated Malware in Panda Image Hides Persistent Linux Threat

· Published 24/07/2025 19:44 · Modified 24/07/2025 20:42

Essential information

Tags
2025-07-24 ai-generated cryptomining koske linux polyglot-abuse rootkit
Related entities
2 observables, 1 intrusion sets (apt), 1 malware, 1 others

Description

A sophisticated malware campaign called has been discovered, showing signs of AI-assisted development. The threat exploits misconfigured servers to install backdoors and download weaponized JPEG images containing malicious payloads. The malware uses polyglot file abuse to hide shellcode within images, deploys a userland , and employs various persistence techniques. It aggressively manipulates network settings to ensure command-and-control communication. The malware supports 18 different cryptocurrencies and adapts its mining strategy based on the host's capabilities. The code structure and adaptability suggest AI involvement in its creation, marking a concerning shift in malware development and posing significant challenges for cybersecurity defenses.

External references