- Hackers targeted misconfigured JupyterLab instances
- They hosted malware in polyglot files on image-sharing sites
- The Koske malware mines different crypto tokens
Security researchers recently discovered a new Linux malware that was hiding in pictures of cute animals.
Aquasec cybersecurity experts recently found a piece of malware called Koske circulating around the web. It relies on polyglot files: files that can be read and processed differently, depending on the type of program that opens them.
The threat actors were apparently targeting JupyterLab instances that were exposed to the internet and misconfigured in a way that allows remote command execution. After finding and accessing such endpoints, the attackers would pull .JPEG files from legitimate image hosting services such as OVH images, freeimage or postimage. The pictures were of AI-generated panda bears, harmless at first glance.
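A defender can check a downloaded image for this kind of polyglot by finding where the JPEG really ends and looking at what follows. The sketch below is an added example, not code from Aquasec or the original report; it assumes the extra content is appended after the JPEG end-of-image (EOI) marker, which is one common way to build such a file, and the sample bytes are constructed for the test.

```python
import struct

# Markers that carry no length field: TEM, SOI, EOI and RST0-RST7.
STANDALONE = {0x01, 0xD8, 0xD9} | set(range(0xD0, 0xD8))

def find_jpeg_end(data: bytes) -> int:
    """Walk the JPEG segments and return the offset just past the real EOI."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos < len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected marker at offset {pos}")
        while pos < len(data) and data[pos] == 0xFF:  # skip fill bytes
            pos += 1
        if pos >= len(data):
            break
        marker = data[pos]
        pos += 1
        if marker == 0xD9:  # EOI: the image ends here
            return pos
        if marker in STANDALONE:
            continue
        if pos + 2 > len(data):
            break
        (seglen,) = struct.unpack(">H", data[pos:pos + 2])
        if seglen < 2:
            raise ValueError("corrupt segment length")
        pos += seglen  # jumps over EXIF thumbnails and their inner EOI
        if marker == 0xDA:  # SOS: entropy-coded data runs to the next marker
            while pos + 1 < len(data):
                nxt = data[pos + 1]
                if data[pos] == 0xFF and nxt not in (0x00, 0xFF) and not 0xD0 <= nxt <= 0xD7:
                    break
                pos += 1
    raise ValueError("no EOI marker found")

def classify(data: bytes) -> str:
    """Label a JPEG by what, if anything, follows its EOI marker."""
    extra = data[find_jpeg_end(data):].lstrip(b"\x00\r\n\t ")
    if not extra:
        return "clean"
    if extra.startswith((b"#!", b"\x7fELF")):
        return "suspicious: script or ELF content after image"
    return f"trailing data: {len(extra)} bytes after image"

def _seg(marker: int, payload: bytes) -> bytes:
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload

# Constructed marker stream (not a decodable picture): APP0, APP1 with an
# embedded thumbnail, one scan with byte stuffing and a restart marker, EOI.
SAMPLE_CLEAN = (b"\xff\xd8" + _seg(0xE0, b"JFIF\x00" + bytes(9))
                + _seg(0xE1, b"Exif\x00\x00" + b"\xff\xd8thumb\xff\xd9")
                + _seg(0xDA, bytes(10)) + b"\x12\xff\x00\x34\xff\xd0\x56\xff\xd9")
SAMPLE_POLYGLOT = SAMPLE_CLEAN + b"\n#!/bin/sh\necho constructed-test-payload\n"
```

Walking the segments matters because a plain search for the bytes `FF D9` stops at the thumbnail's end marker inside the EXIF block, and some legitimate files do carry harmless trailing bytes, so the result is a triage signal rather than a verdict.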
Serbian hackers?
When run through a script interpreter, the images turned into CPU- and GPU-optimized cryptocurrency miners that use the server's resources to generate more than 18 types of crypto tokens.
Cryptocurrency "mining" is essentially a process of supporting a blockchain network. In return for lending electricity, internet bandwidth and computing power to support the network, users get cryptocurrency tokens, whose value depends on different things, such as the number of users, the number of tokens in circulation and the cost of mining.
Mining crypto in this way generates relatively little profit for the attackers, some researchers said, while imposing great costs on the victims, since cloud compute power and electricity are often quite expensive.
Aquasec could not definitively attribute the malware to a particular group, but it said it found Serbia-based IP addresses used in the attacks, Serbian phrases in the scripts and the Slovak language in the GitHub repository hosting the miners.
In that context, the name of the malware would make sense, as the word "koske" in colloquial or dialectal form means "bones".
The researchers believe that, in addition to the pictures, the malware itself was written using large language models (LLMs) or automation frameworks.
Via BleepingComputer



