{
  "name": "AI-Generated Malware in Panda Image Hides Persistent Linux Threat",
  "slug": "ai-generated-malware-in-panda-image-hides-persistent-linux-threat",
  "description": "A sophisticated Linux malware campaign called Koske has been discovered; its code shows signs of AI-assisted development. The threat exploits misconfigured servers to install backdoors and download weaponized JPEG images containing malicious payloads. The malware abuses polyglot files to hide shellcode within images, deploys a userland rootkit, and employs various persistence techniques. It aggressively manipulates network settings to ensure command-and-control communication. The malware supports mining 18 different cryptocurrencies and adapts its mining strategy based on the host's capabilities. The code structure and adaptability suggest AI involvement in its creation, marking a concerning shift in malware development and posing significant challenges for cybersecurity defenses.",
  "published": "2025-07-24T17:44:45+00:00",
  "created_at": "2025-07-24T17:44:45+00:00",
  "modified_at": "2025-07-24T18:42:54+00:00",
  "created_at_opencti": "2025-07-24T17:44:45+00:00",
  "author": "",
  "confidence": null,
  "report_types": [],
  "labels": [],
  "tags": [
    "2025-07-24",
    "ai-generated",
    "cryptomining",
    "koske",
    "linux",
    "polyglot-abuse",
    "rootkit"
  ],
  "related_entities": {
    "observables": [
      {
        "id": "",
        "name": "178.220.112.53"
      },
      {
        "id": "",
        "name": "0b96565b20b7430d6d6e18e940cfe0d10109711fd7919690bb5ee5fd8863f143"
      }
    ],
    "malware": [
      {
        "id": "legacy:malware:196d0366fff0c3d1",
        "name": "Koske",
        "slug": "koske"
      }
    ],
    "intrusion_sets": [
      {
        "id": "a1e0340d-30ad-4372-8fb1-76f5be42914a",
        "name": "Koske",
        "slug": "koske"
      }
    ],
    "others": [
      {
        "id": "",
        "name": "Serbia"
      }
    ]
  },
  "external_refs": [
    "https://www.aquasec.com/blog/ai-generated-malware-in-panda-image-hides-persistent-linux-threat",
    "https://otx.alienvault.com/pulse/68828d2d536ef213a5f043b8"
  ]
}