Subj : A bizarre new Linux malware can be found hiding in cute animal ph To : All From : TechnologyDaily Date : Fri Jul 25 2025 17:00:08 A bizarre new Linux malware can be found hiding in cute animal photos Date: Fri, 25 Jul 2025 15:26:00 +0000 Description: That cute panda pic is actually a cryptominer that will rake up your electricity bill. FULL STORY ======================================================================Hackers seen targeting misconfigured JuypterLab instances They host malware in polyglot files on image sharing sites The Koske malware mines different crypto tokens Security researchers recently discovered a new Linux malware hiding in pictures of cute animals. Cybersecurity experts from AquaSec recently found a piece of malware called Koske circulating around the web. It relies on polyglot files - documents that can be read and processed differently, depending on the type of program running them. The threat actors were apparently targeting JupyterLab instances exposed to the internet, and misconfigured in a way that allows remote command execution. After finding and accessing such endpoints, the attackers would pull .JPEG files from legitimate image hosting services such as OVH images, freeimage, or postimage. The pictures were of AI-generated panda bears, innocuous at first sight. Serbian hackers? Through a script interpreter, the images are turned into a CPU and GPU-optimized cryptocurrency miners, using the servers resources to generate more than 18 types of crypto tokens. Cryptocurrency mining is essentially a process of supporting a blockchain network. In exchange for lending electricity, internet, and computing power to support the grid, users are given cryptocurrency tokens whose value depends on different things such as the number of users, the number of tokens in circulation, and the cost of mining. Mining crypto this way generates relatively little profit for the attackers, some researchers said, while raking up huge costs for the victims - cloud compute power and electricity are often quite expensive. AquaSec could not attribute the malware to a specific group definitively, but it did say that it found Serbia-based IP addresses used in the attacks, Serbian phrases in the scripts, and Slovak language in the GitHub repository hosting the miners. In that context, the name of the malware would make some sense, since the word Koske in colloquial or dialectal form means bones. The researchers believe that besides the image, the malware itself was written with the help of large language models (LLM) or automation frameworks. Via BleepingComputer You might also like Thousands of PostgreSQL servers are being hijacked to mine crypto Take a look at our guide to the best authenticator app We've rounded up the best password managers ====================================================================== Link to news story: https://www.techradar.com/pro/security/a-damaging-new-linux-malware-is-hiding- in-cute-animal-photos --- Mystic BBS v1.12 A47 (Linux/64) * Origin: tqwNet Technology News (1337:1/100) .