
AI-Generated Linux Miner 'Koske' Beats Human Malware

Threat Score: 59 | 4 articles | 79.0% similarity | 15 hours ago

Activity Timeline: 4 articles, Jul 24 to Jul 25, 2025 (oldest to latest)

Key Insights

1. New Linux malware 'Koske' uses AI-assisted development, delivering cryptomining payloads through disguised panda images.
2. Koske targets Linux systems, deploying CPU- and GPU-optimized miners for over 18 cryptocurrencies, significantly impacting system performance.
3. Attackers utilize Serbian IP addresses and language, indicating potential regional attribution for the threat actors.
4. The malware features advanced capabilities, including modular payloads and evasive rootkits, making detection and removal challenging.

Threat Overview

The newly identified Koske Linux malware leverages AI to deliver cryptomining payloads via seemingly harmless panda images, affecting Linux systems by utilizing their computational resources for mining over 18 cryptocurrencies [1][2][3]. This sophisticated threat exhibits advanced features such as modular payloads and rootkits, complicating detection and mitigation efforts [4]. Organizations should immediately enhance their endpoint security measures, monitor for unusual CPU/GPU usage, and implement strict controls on image file execution [1][2]. Regular updates to security protocols and user training on potential phishing tactics are also recommended to prevent initial access [3].

Tactics, Techniques & Procedures (TTPs)

T1203 Exploitation for Client Execution - Delivery of malware through weaponized image files [2, 4]
T1059.001 Command and Scripting Interpreter - Execution of scripts via malicious payloads [3]
T1071.001 Application Layer Protocol: Web Protocols - Communication with command and control servers through web traffic [4]
T1543.003 Create or Modify System Process: Windows Service - Installation of persistent cryptomining services [2, 3]

Timeline of Events

2025-07-24: Koske malware discovered by AquaSec researchers [1]
2025-07-25: Detailed analysis and public disclosure of Koske's capabilities and methods [2, 3, 4]
Ongoing: Active campaigns utilizing Koske malware reported [1, 2]

Powered by ThreatCluster AI; analysis generated 15 hours ago. AI analysis may contain inaccuracies.

Related Articles (4)

1. AI-Generated Linux Miner 'Koske' Beats Human Malware
Dark Reading • 21 hours ago
AI malware is becoming less of a gimmick, with features that meet or exceed what traditional human-developed malware typically can do. July 25, 2025. A newly discovered cryptominer suggests that attackers are not only using artificial intelligence (AI) to develop
Score 54 • 90.0% similarity
2. Sophisticated Koske Linux Malware Developed With AI Aid
SecurityWeek • 1 day ago
The Koske Linux malware shows how cybercriminals can use AI for payload development, persistence, and adaptivity.
Score 51 • 89.0% similarity
3. New Koske Linux malware hides in cute panda images
BleepingComputer • 1 day ago
Bill Toulas, July 24, 2025 04:54 PM. A new Linux malware named Koske may have been developed with artificial intelligence and is using seemingly benign JPEG images of panda bears to deploy malware directly into system memory. Researchers from cybersecurity company AquaSec analyzed Koske and described it as "a sophisticated Linux threat." Based on the observed adaptive behavior, the researchers believe that the malware was developed using large
Score 50 • 94.0% similarity
4. AI-forged panda images hide persistent cryptomining malware ‘Koske’
CSO Online • 1 day ago
A new malware strain named ‘Koske’ is delivering crypto-mining payloads through dropper files posing as benign panda pictures. According to Aqua Nautilus, the cybersecurity team at Aqua Security, the malware likely uses AI assistance as its code appears shaped by large language models (LLMs). “Koske, a sophisticated Linux threat, shows clear signs of AI-assisted development, like with help from a large language model,” Aqua researcher Assaf Morag wrote in a blog post. “It represents a new breed
Score 49 • 93.0% similarity


Cluster Intelligence

Key entities and indicators for this cluster

PLATFORMS: Linux, ICS
ATTACK TYPES: Rootkit, Phishing, Social Engineering
MITRE ATT&CK: Proxy, Rootkit, Phishing, Brute Force
RANSOMWARE: One, Polyglot, play, Korean, Revolution
COMPANIES: Apple, X, Google, GitHub, Cloudflare
INDUSTRIES: Mining, Education
MALWARE: Nautilus, Polyglot, Dark, PLAY, Leverage
VULNERABILITIES: RCE, Command Injection, XSS
SECURITY VENDORS: Cloudflare
APT GROUPS: APT3
CVES: CVE-2025-30370
IP ADDRESSES: 178.220.112.53
CLUSTER INFORMATION: Cluster #1376, created 15 hours ago, grouped by semantic algorithm