AI-assisted malware named Koske is hidden inside panda images, silently hijacking Linux machines for crypto mining while evading detection.
According to verified cybersecurity research, the Koske campaign represents a sophisticated evolution in Linux-based threats, leveraging artificial intelligence to enhance its stealth, persistence, and adaptability. First identified in mid-2025 by Aqua Security’s Nautilus research team, the malware specifically targets misconfigured JupyterLab instances exposed to the internet, using them as an initial access vector to deliver malicious payloads disguised as benign image files.
The core technique involves polyglot JPEG files—images that appear normal to casual inspection but contain appended executable code. In the case of Koske, attackers weaponize seemingly innocuous panda pictures, hosting them on URL-shortening services like short[.]gy and tiny[.] to avoid raising suspicion. Once downloaded onto a vulnerable server, these files are processed to extract hidden shell scripts and compiled C-based rootkits, which execute directly in memory without touching the disk in many cases, further reducing forensic visibility.
Persistence is achieved through multiple layered mechanisms. The malware modifies user shell configuration files such as .bashrc and .bash_logout, as well as system-wide startup locations like /etc/rc.local. It also installs a custom systemd service named shellkoske.service to ensure reactivation after reboots. To conceal its presence, Koske employs a rootkit that hooks the readdir() library call via the LD_PRELOAD mechanism, effectively hiding any files, processes, or directories whose names contain strings like “koske” or “hideproc” from standard system utilities.
Once established, the malware dynamically selects and downloads cryptocurrency mining software tailored to the compromised host’s hardware capabilities. Research indicates it can choose from up to 18 different cryptocurrencies based on factors such as CPU and GPU availability, optimizing mining efficiency. Additional adaptive behaviors include proxy checking and DNS resetting, which help the malware maintain command-and-control connectivity while evading network-based detection systems.
The development of Koske shows clear indicators of AI-assisted creation. Analysts note its unusually clean code structure, modular design, and logical flow patterns that resemble outputs from large language models (LLMs). These characteristics suggest automation in both code generation and behavioral adaptation, marking Koske as part of an emerging trend where adversaries use AI not just to generate malware but to refine it for greater resilience and evasion.
Technical Breakdown: How Koske Evades Detection
Koske’s use of polyglot files allows it to bypass traditional signature-based scanners that rely on file extensions or known malicious hashes. By embedding executable code within the metadata or comment sections of a valid JPEG, the file maintains its image properties when viewed or processed by standard tools, yet can be redirected to a shell interpreter using utilities like dd to skip to the payload offset. This technique, cataloged under MITRE ATT&CK as T1059.004 (Unix Shell: Embedded Payload), enables execution without triggering alarms tied to suspicious file types.
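A defender can surface this kind of polyglot by walking the JPEG's marker structure and reporting anything that sits outside the image: script-like text in a COM (comment) segment, or bytes appended after the End-Of-Image marker, which is exactly what a dd skip= carve would pick up. The following scanner is an added example, not code from the Aqua report or the malware; the JPEG sample and the script it carries are constructed here for the demonstration.

```python
import struct

EOI, SOS, COM = 0xD9, 0xDA, 0xFE
SCRIPT_HINTS = (b"#!/", b"/bin/sh", b"/bin/bash", b"curl ", b"wget ", b"LD_PRELOAD")

def scan_jpeg(data: bytes) -> dict:
    """Walk JPEG segments; return COM payloads plus any bytes after EOI."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("missing SOI marker, not a JPEG")
    out = {"comments": [], "trailing_offset": None, "trailing": b""}
    pos = 2
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected marker at offset {pos}")
        marker = data[pos + 1]
        if marker == EOI:                       # everything past here is not image data
            out["trailing_offset"] = pos + 2
            out["trailing"] = data[pos + 2:]
            break
        if pos + 4 > len(data):
            break                               # truncated segment header
        seg_len = struct.unpack(">H", data[pos + 2:pos + 4])[0]
        if marker == COM:
            out["comments"].append(data[pos + 4:pos + 2 + seg_len])
        pos += 2 + seg_len
        if marker == SOS:
            # Entropy-coded scan follows: advance to the next real marker, skipping
            # stuffed 0xFF00 bytes and restart markers 0xD0..0xD7.
            while pos + 1 < len(data):
                nxt = data[pos + 1]
                if data[pos] == 0xFF and nxt != 0x00 and not 0xD0 <= nxt <= 0xD7:
                    break
                pos += 1
    return out

def looks_like_script(blob: bytes) -> bool:
    return any(h in blob for h in SCRIPT_HINTS)

def suspicious_findings(data: bytes) -> list:
    """Findings for a file that parses as a JPEG yet carries code outside the image."""
    info = scan_jpeg(data)
    findings = [f"COM segment {i} contains script-like text"
                for i, c in enumerate(info["comments"]) if looks_like_script(c)]
    if info["trailing"] and looks_like_script(info["trailing"]):
        findings.append(f"{len(info['trailing'])} script-like bytes appended "
                        f"at offset {info['trailing_offset']}")
    return findings

# Constructed sample: minimal JFIF header, a harmless COM segment, a tiny scan, EOI,
# then a shell script appended after the image ends (the polyglot pattern).
SAMPLE = (b"\xff\xd8" + b"\xff\xe0\x00\x10JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
          + b"\xff\xfe\x00\x08hello!" + b"\xff\xda\x00\x08\x01\x01\x00\x00\x3f\x00"
          + b"\x12\x34\xff\x00\x56" + b"\xff\xd9" + b"#!/bin/bash\necho constructed-sample\n")
```

Run against a directory of downloaded images, a non-empty findings list is the cue to quarantine the file and inspect the carved bytes rather than the picture.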

The malware’s rootkit component operates entirely in user space rather than in the kernel. Through LD_PRELOAD, a malicious shared library is loaded ahead of libc in new processes, overriding functions such as readdir() to filter out entries matching predefined strings. This method avoids kernel-level modifications, reducing the risk of system instability while still providing effective concealment from process listing tools like ps and directory listing commands like ls.
Network evasion is further enhanced through DNS manipulation. Koske has been observed resetting DNS configurations to use attacker-controlled servers or public resolvers in ways that obscure traffic patterns. Combined with proxy-checking routines that verify outgoing connections before initiating mining payloads, this helps the malware avoid detection by intrusion detection systems (IDS) that monitor for known malicious domains or anomalous data exfiltration.
Impact and Target Exposure
The campaign primarily affects servers running JupyterLab or similar web-based development environments that are inadvertently exposed to public networks without authentication. These misconfigurations are not limited to any specific industry or region, making the threat broadly applicable across sectors including education, research, technology startups, and enterprise IT environments where data science tools are commonly used.
Aqua Security’s analysis indicates the threat is opportunistic rather than targeted, meaning attackers scan for vulnerable instances rather than selecting specific victims. However, the potential impact is significant: compromised systems experience degraded performance due to resource hijacking, increased electricity consumption, and potential hardware wear from sustained CPU and GPU utilization. In cloud environments, this can translate directly into unexpected operational costs.
While no public reports attribute the Koske campaign to a specific threat actor group, researchers describe the operators as opportunistic attackers leveraging widely available exploitation techniques. The use of URL shorteners and image hosting services suggests an effort to minimize infrastructure costs and attribution risk. As of the last verified update in July 2025, the malware remained active, with ongoing adaptations observed in its payload selection and evasion tactics.
Defensive Recommendations
Organizations can mitigate the risk of Koske infection by securing JupyterLab and similar services against unauthorized access. This includes enforcing strong authentication, disabling public exposure unless necessary, and regularly auditing container and cloud configurations for excessive permissions. Implementing network segmentation and monitoring for outbound connections to known cryptocurrency mining pools or anonymization services can also aid in early detection.

Endpoint detection and response (EDR) tools should be configured to detect suspicious use of utilities like dd for offset-based file execution, unusual LD_PRELOAD usage, and unauthorized modifications to shell startup files. File integrity monitoring (FIM) on critical system paths such as /etc/, /usr/local/bin/, and user home directories can help identify unauthorized changes indicative of persistence mechanisms.
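The three behaviours named above (dd with an offset skip, LD_PRELOAD on a command line, and writes to shell startup or persistence paths) can be hunted in auditd EXECVE and PATH records. This detector is an added example, not tooling from the report; the log lines and paths in it are constructed for the demonstration, and the path list is a starting point to extend with the page's persistence locations relevant to your hosts.

```python
import re

ARGV_RE = re.compile(r'\ba(\d+)="([^"]*)"')      # a0="dd" a1="if=..." in EXECVE records
NAME_RE = re.compile(r'\bname="([^"]*)"')        # name="/root/.bashrc" in PATH records
WATCHED_PATHS = ("/.bashrc", "/.bash_logout", "/etc/rc.local",
                 "/etc/ld.so.preload", "/etc/systemd/system/")

def parse_execve(line: str) -> list:
    """Reassemble argv from an auditd EXECVE record, in a0..aN order."""
    args = {int(i): v for i, v in ARGV_RE.findall(line)}
    return [args[i] for i in sorted(args)]

def check_line(line: str) -> list:
    """Return zero or more hunt findings for one auditd record."""
    hits = []
    if "type=EXECVE" in line:
        argv = parse_execve(line)
        prog = argv[0].rsplit("/", 1)[-1] if argv else ""
        if prog == "dd" and any(a.startswith("skip=") for a in argv):
            hits.append("dd with skip=: offset-based carve of an embedded payload")
        if any(a.startswith("LD_PRELOAD=") for a in argv):
            hits.append("LD_PRELOAD on command line: user-space hook injection")
    elif "type=PATH" in line:
        m = NAME_RE.search(line)
        if m and any(w in m.group(1) for w in WATCHED_PATHS):
            hits.append(f"access to persistence path {m.group(1)}")
    return hits

def hunt(lines) -> list:
    """(line number, finding) pairs over a batch of audit records."""
    return [(n, h) for n, line in enumerate(lines, 1) for h in check_line(line)]

# Constructed auditd-style records; timestamps, inodes and paths are invented.
SAMPLE_LOG = """\
type=EXECVE msg=audit(1721900001.001:101): argc=2 a0="ls" a1="-la"
type=EXECVE msg=audit(1721900002.002:102): argc=5 a0="/usr/bin/dd" a1="if=/tmp/panda.jpg" a2="bs=1" a3="skip=24576" a4="status=none"
type=EXECVE msg=audit(1721900003.003:103): argc=3 a0="env" a1="LD_PRELOAD=/tmp/libhide.so" a2="ps"
type=PATH msg=audit(1721900004.004:104): item=0 name="/root/.bashrc" inode=1234 mode=0100644 nametype=NORMAL
type=PATH msg=audit(1721900005.005:105): item=0 name="/var/log/syslog" inode=5678 mode=0100640 nametype=NORMAL
""".splitlines()
```

PATH records fire on reads as well as writes, so pair the path rule with an auditd watch (-w ... -p wa) or the file's mtime to keep it to modifications.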
Given the AI-assisted nature of modern threats like Koske, security teams are encouraged to invest in behavioral analytics and anomaly detection rather than relying solely on signature-based defenses. Regular threat hunting exercises focused on memory-based execution and process injection techniques can improve readiness against evolving fileless and polyglot-based attacks.
As of the current date, no official patches or advisories have been issued specifically for Koske by major Linux distributions or cloud providers. Users are advised to consult the latest guidance from authoritative sources such as the Center for Internet Security (CIS), the National Institute of Standards and Technology (NIST), and vendor-specific security bulletins for updates on related threats.
Stay informed about emerging cybersecurity threats by following trusted security research teams and enabling automated alerts for critical vulnerability disclosures. Share this information to help others recognize and defend against evolving malware tactics.