#rootkit

MalwareLab<p>Analysis of <a href="https://infosec.exchange/tags/Koske" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Koske</span></a> <a href="https://infosec.exchange/tags/miner" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>miner</span></a>.</p><p>It is an AI-generated <a href="https://infosec.exchange/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Linux</span></a> <a href="https://infosec.exchange/tags/malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>malware</span></a> which was hidden in images with pandas. It supports a wide variety of coinminers for various cryptocurrencies and for GPU and different CPU architectures. Another of its components, <a href="https://infosec.exchange/tags/rootkit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>rootkit</span></a> <a href="https://infosec.exchange/tags/hideproc" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>hideproc</span></a>, tries to hide the Koske miner from file listings and processes.</p><p><a href="https://malwarelab.eu/posts/koske-panda-ai/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">malwarelab.eu/posts/koske-pand</span><span class="invisible">a-ai/</span></a></p><p>Video from <a href="https://infosec.exchange/tags/anyrun" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>anyrun</span></a> analysis:</p><p><a href="https://www.youtube.com/watch?v=1OSPp996XQ4" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="">youtube.com/watch?v=1OSPp996XQ4</span><span class="invisible"></span></a></p><p><a href="https://infosec.exchange/tags/koskeminer" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>koskeminer</span></a> <a href="https://infosec.exchange/tags/coinminer" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>coinminer</span></a> <a href="https://infosec.exchange/tags/blueteam" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>blueteam</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/dfir" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>dfir</span></a> <a href="https://infosec.exchange/tags/malwareanalysis" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>malwareanalysis</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/reverseengineering" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>reverseengineering</span></a></p>
OTX Bot<p>AI-Generated Malware in Panda Image Hides Persistent Linux Threat</p><p>A sophisticated Linux malware campaign called Koske has been discovered, showing signs of AI-assisted development. The threat exploits misconfigured servers to install backdoors and download weaponized JPEG images containing malicious payloads. The malware uses polyglot file abuse to hide shellcode within images, deploys a userland rootkit, and employs various persistence techniques. It aggressively manipulates network settings to ensure command-and-control communication. The malware supports 18 different cryptocurrencies and adapts its mining strategy based on the host's capabilities. The code structure and adaptability suggest AI involvement in its creation, marking a concerning shift in malware development and posing significant challenges for cybersecurity defenses.</p><p>Pulse ID: 68828d2d536ef213a5f043b8<br>Pulse Link: <a href="https://otx.alienvault.com/pulse/68828d2d536ef213a5f043b8" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">otx.alienvault.com/pulse/68828</span><span class="invisible">d2d536ef213a5f043b8</span></a> <br>Pulse Author: AlienVault<br>Created: 2025-07-24 19:44:45</p><p>Be advised, this data is unverified and should be considered preliminary. 
Always do further verification.</p><p><a href="https://social.raytec.co/tags/BackDoor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BackDoor</span></a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoSec</span></a> <a href="https://social.raytec.co/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Linux</span></a> <a href="https://social.raytec.co/tags/Malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Malware</span></a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OTX</span></a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenThreatExchange</span></a> <a href="https://social.raytec.co/tags/RAT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RAT</span></a> <a href="https://social.raytec.co/tags/Rootkit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Rootkit</span></a> <a href="https://social.raytec.co/tags/ShellCode" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ShellCode</span></a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bot</span></a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AlienVault</span></a></p>
The New Oil<p><a href="https://mastodon.thenewoil.org/tags/SonicWall" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SonicWall</span></a> <a href="https://mastodon.thenewoil.org/tags/SMA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SMA</span></a> devices hacked with <a href="https://mastodon.thenewoil.org/tags/OVERSTEP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OVERSTEP</span></a> <a href="https://mastodon.thenewoil.org/tags/rootkit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>rootkit</span></a> tied to <a href="https://mastodon.thenewoil.org/tags/ransomware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ransomware</span></a></p><p><a href="https://www.bleepingcomputer.com/news/security/sonicwall-sma-devices-hacked-with-overstep-rootkit-tied-to-ransomware/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bleepingcomputer.com/news/secu</span><span class="invisible">rity/sonicwall-sma-devices-hacked-with-overstep-rootkit-tied-to-ransomware/</span></a></p><p><a href="https://mastodon.thenewoil.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a></p>
Kevin Karhan :verified:<p><em>"<a href="https://infosec.space/tags/Malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Malware</span></a> maker sponsors a <a href="https://infosec.space/tags/shitpost" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>shitpost</span></a> by a <a href="https://infosec.space/tags/TechIlliterate" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TechIlliterate</span></a> <a href="https://infosec.space/tags/Windows" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Windows</span></a> n0ob to sell their <a href="https://infosec.space/tags/Rootkit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Rootkit</span></a> to <a href="https://infosec.space/tags/TechIlliterates" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TechIlliterates</span></a>"</em> wouldn't be as clickbaity but a <a href="https://infosec.space/tags/HonestVideoTitle" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HonestVideoTitle</span></a> instead...</p><p><a href="https://www.youtube.com/watch?v=UKLTGoftJi8" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="">youtube.com/watch?v=UKLTGoftJi8</span><span class="invisible"></span></a></p><p><a href="https://infosec.space/tags/Lienus" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Lienus</span></a> <a href="https://infosec.space/tags/LinusTechTips" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LinusTechTips</span></a> <a href="https://infosec.space/tags/LienueStechTips" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LienueStechTips</span></a> <a href="https://infosec.space/tags/Clickbait" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Clickbait</span></a> <a href="https://infosec.space/tags/YouTube" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>YouTube</span></a></p>
WinFuture.de<p>Security researchers have developed a <a href="https://mastodon.social/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Linux</span></a> <a href="https://mastodon.social/tags/Rootkit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Rootkit</span></a> that exploits the <a href="https://mastodon.social/tags/Kernel" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Kernel</span></a> <a href="https://mastodon.social/tags/API" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>API</span></a> io_uring to remain undetected. Monitoring tools do not detect any attacks carried out through it. <a href="https://winfuture.de/news,150557.html?utm_source=Mastodon&amp;utm_medium=ManualStatus&amp;utm_campaign=SocialMedia" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">winfuture.de/news,150557.html?</span><span class="invisible">utm_source=Mastodon&amp;utm_medium=ManualStatus&amp;utm_campaign=SocialMedia</span></a></p>
PrivacyDigest<p><a href="https://mas.to/tags/Hackers" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Hackers</span></a> can now bypass <a href="https://mas.to/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Linux</span></a> <a href="https://mas.to/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> thanks to terrifying new Curing <a href="https://mas.to/tags/rootkit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>rootkit</span></a> </p><p><a href="https://betanews.com/2025/04/24/hackers-bypass-linux-security-with-armo-curing-rootkit/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">betanews.com/2025/04/24/hacker</span><span class="invisible">s-bypass-linux-security-with-armo-curing-rootkit/</span></a></p>
heise Security<p>"Passwort" episode 25: State-sanctioned snooping software</p><p>This time the podcast hosts take on a controversial topic: companies install malware via security vulnerabilities - and do so on behalf of the state.</p><p><a href="https://www.heise.de/news/Passwort-Folge-25-Staatlich-sanktionierte-Schnueffelsoftware-10271855.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&amp;utm_source=mastodon" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">heise.de/news/Passwort-Folge-2</span><span class="invisible">5-Staatlich-sanktionierte-Schnueffelsoftware-10271855.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&amp;utm_source=mastodon</span></a></p><p><a href="https://social.heise.de/tags/Android" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Android</span></a> <a href="https://social.heise.de/tags/Exploit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Exploit</span></a> <a href="https://social.heise.de/tags/iOS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>iOS</span></a> <a href="https://social.heise.de/tags/Malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Malware</span></a> <a href="https://social.heise.de/tags/PasswortPodcast" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PasswortPodcast</span></a> <a href="https://social.heise.de/tags/Pegasus" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Pegasus</span></a> <a href="https://social.heise.de/tags/Rootkit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Rootkit</span></a> <a href="https://social.heise.de/tags/Security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Security</span></a> <a href="https://social.heise.de/tags/Spyware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Spyware</span></a> <a href="https://social.heise.de/tags/news" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>news</span></a></p>
PrivacyDigest<p>Stealthy <a href="https://mas.to/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Linux</span></a> <a href="https://mas.to/tags/rootkit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>rootkit</span></a> found in the wild after going undetected for 2 years<br><a href="https://mas.to/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a></p><p><a href="https://arstechnica.com/?p=1989775" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">arstechnica.com/?p=1989775</span><span class="invisible"></span></a></p>
Fox<p><span class="h-card"><a href="https://tech.lgbt/@stonehead" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>stonehead</span></a></span> Hi! I'm glad you asked because I'm sure there are many more people wondering about the same thing! :) </p><p>Yes, there is always a risk when you download something from open sources. However, you really cannot trust official sources as well. A good example is Sony's rootkit scandal. [1][2]</p><p>Doing basic internet "hygiene" will prevent you from most viruses, though. Having a decent virus scanner will do wonders [3], and the rest comes down to common sense. Be very careful with executables, keep your software (like PDF readers) up to date, look for settings to turn off scripts and perhaps consider sanitizing your PDFs before opening them. [4][5]</p><p>An interesting point on the aforementioned website is the following:</p><p>"With budgets getting tighter, we understand the appeal of free antivirus software. While there have been great changes in free subscriptions, the most notable being they now offer real-time malware protection, they are still minimal compared to a full antivirus security suite.</p><p>There are some exceptions, but most free antivirus programs don't offer web protections. This means they won't stop malware from downloading if you accidentally click on a malicious link. They will snatch it before it has a chance to infract your computer, but we feel better than a threatening file doesn't get that far into the process."</p><p>I hope this helped you on your way, and if not, do let me know! 
:)</p><p>----------</p><p>[1] <a href="https://www.theregister.com/2005/11/01/sony_rootkit_drm" rel="nofollow noopener" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">theregister.com/2005/11/01/son</span><span class="invisible">y_rootkit_drm</span></a><br>[2] <a href="https://www.theregister.com/2021/12/10/autorunning_away/" rel="nofollow noopener" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">theregister.com/2021/12/10/aut</span><span class="invisible">orunning_away/</span></a><br>[3] <a href="https://www.techradar.com/best/best-free-antivirus" rel="nofollow noopener" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">techradar.com/best/best-free-a</span><span class="invisible">ntivirus</span></a> (go to the product's websites manually to avoid tracking through links)<br>[4] <a href="https://github.com/Kerbalnut/Sanitize-PDF" rel="nofollow noopener" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/Kerbalnut/Sanitize-</span><span class="invisible">PDF</span></a><br>[5] <a href="https://www.webpdf.de/en/pdf-redact-and-sanitize" rel="nofollow noopener" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">webpdf.de/en/pdf-redact-and-sa</span><span class="invisible">nitize</span></a></p><p>----------</p><p><a href="https://cytag.nl/tags/pdf" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pdf</span></a> <a href="https://cytag.nl/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> <a href="https://cytag.nl/tags/virus" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>virus</span></a> <a href="https://cytag.nl/tags/script" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>script</span></a> <a href="https://cytag.nl/tags/macro" class="mention hashtag" rel="nofollow noopener" 
target="_blank">#<span>macro</span></a> <a href="https://cytag.nl/tags/worm" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>worm</span></a> <a href="https://cytag.nl/tags/epub" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>epub</span></a> <a href="https://cytag.nl/tags/software" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>software</span></a> <a href="https://cytag.nl/tags/antivirus" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>antivirus</span></a> <a href="https://cytag.nl/tags/rootkit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>rootkit</span></a> <a href="https://cytag.nl/tags/sanitize" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>sanitize</span></a></p>
Freemind<p>Reptile is a Linux kernel mode rootkit malware that provides a concealment feature for files, directories, processes, and network communications.</p><p><a href="https://mastodon.online/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://mastodon.online/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Linux</span></a> <a href="https://mastodon.online/tags/malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>malware</span></a> <a href="https://mastodon.online/tags/cyberthreat" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cyberthreat</span></a> <a href="https://mastodon.online/tags/rootkit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>rootkit</span></a></p><p><a href="https://cybersec84.wordpress.com/2023/08/05/linux-malware-reptile-poses-serious-threat-to-south-korean-systems/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">cybersec84.wordpress.com/2023/</span><span class="invisible">08/05/linux-malware-reptile-poses-serious-threat-to-south-korean-systems/</span></a></p>