AI-Generated Malware in Panda Image Hides Persistent Linux Threat
ID: bee24714-5f7a-5f81-92be-6a7f8a97d008
STIX ID: report--bee24714-5f7a-5f81-92be-6a7f8a97d008
Feed Name: Aqua Security Blog
Aqua Nautilus describes "Koske", a sophisticated Linux cryptomining malware campaign. The campaign abuses misconfigured JupyterLab for initial access, delivers payloads via polyglot JPEG files, compiles and loads a userland rootkit via LD_PRELOAD, manipulates system startup, DNS and firewall settings for persistence and C2 connectivity, and dynamically selects and runs multiple miners. The report includes IOCs and recommends runtime, network, and AI-detection controls.
