
#rootkit


Analysis of #Koske #miner.

It is an AI-generated #Linux #malware which was hidden in images with pandas. It supports a wide variety of coinminers for various cryptocurrencies, for GPUs and for different CPU architectures. Another component, the #rootkit #hideproc, tries to hide the Koske miner from file listings and process lists.

malwarelab.eu/posts/koske-pand

Video from #anyrun analysis:

youtube.com/watch?v=1OSPp996XQ4

AI-Generated Malware in Panda Image Hides Persistent Linux Threat

A sophisticated Linux malware campaign called Koske has been discovered, showing signs of AI-assisted development. The threat exploits misconfigured servers to install backdoors and download weaponized JPEG images containing malicious payloads. The malware uses polyglot file abuse to hide shellcode within images, deploys a userland rootkit, and employs various persistence techniques. It aggressively manipulates network settings to ensure command-and-control communication. The malware supports 18 different cryptocurrencies and adapts its mining strategy based on the host's capabilities. The code structure and adaptability suggest AI involvement in its creation, marking a concerning shift in malware development and posing significant challenges for cybersecurity defenses.

Pulse ID: 68828d2d536ef213a5f043b8
Pulse Link: otx.alienvault.com/pulse/68828
Pulse Author: AlienVault
Created: 2025-07-24 19:44:45

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

LevelBlue - Open Threat Exchange · Learn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.
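The pulse above describes the payload being carried as a polyglot: a file that renders as an ordinary JPEG while extra bytes sit after the image data. The following is an added example, not code from the Koske write-up or from any of the linked sources. It walks the JPEG marker structure (SOI, length-prefixed segments, the entropy-coded scan, EOI) to find where the picture really ends and reports how many bytes follow. The sample JPEG skeleton and the appended stand-in payload are constructed here for the demonstration; a trailing-bytes count is a triage signal to inspect the file, not proof of infection, since some cameras and editors also append data after EOI.

```python
"""Flag JPEG files that carry extra data after the End-Of-Image marker.

Added example for triage: a structural walk of the JPEG marker segments.
Viewers stop rendering at EOI (FF D9), so bytes appended after it are
invisible to the viewer while still being readable by a loader that knows
the offset. Sample inputs below are constructed, not real malware.
"""
from __future__ import annotations

SOI, EOI, SOS = 0xD8, 0xD9, 0xDA
STANDALONE = {0x01, 0xD8} | set(range(0xD0, 0xD8))  # TEM, SOI, RST0..RST7

# Constructed stand-in for appended data. It deliberately contains a decoy
# FF D9 so a naive "last EOI" search is fooled while the structural walk is not.
PAYLOAD = b"#!/bin/sh\n# constructed stand-in for an appended payload\n\xff\xd9exit\n"


def find_jpeg_end(data: bytes) -> int | None:
    """Return the offset just past the real EOI marker, or None when the
    stream is not a well-formed JPEG (no SOI, truncated segment, no EOI)."""
    if len(data) < 4 or data[0] != 0xFF or data[1] != SOI:
        return None
    pos = 2
    while pos + 1 < len(data):
        if data[pos] != 0xFF:
            return None                      # a marker was expected here
        marker = data[pos + 1]
        if marker == 0xFF:                   # fill byte before a marker
            pos += 1
            continue
        if marker == EOI:
            return pos + 2
        if marker in STANDALONE:             # markers without a length field
            pos += 2
            continue
        if pos + 4 > len(data):
            return None
        seg_len = int.from_bytes(data[pos + 2:pos + 4], "big")
        if seg_len < 2:
            return None
        pos += 2 + seg_len
        if marker == SOS:
            # Entropy-coded data follows the SOS header. FF 00 is a stuffed
            # byte and FF D0..D7 are restart markers; the first other FF xx
            # is the next real marker (normally EOI).
            while pos + 1 < len(data):
                nxt = data[pos + 1]
                if data[pos] == 0xFF and nxt != 0x00 and not (0xD0 <= nxt <= 0xD7):
                    break
                pos += 1
    return None


def trailing_payload(data: bytes) -> dict:
    """Describe what, if anything, follows the image proper."""
    end = find_jpeg_end(data)
    if end is None:
        return {"well_formed": False, "image_end": None, "trailing_bytes": 0, "preview": b""}
    tail = data[end:]
    return {"well_formed": True, "image_end": end, "trailing_bytes": len(tail), "preview": tail[:16]}


def naive_trailing_bytes(data: bytes) -> int:
    """The shortcut many one-liners use: count bytes after the LAST FF D9.
    Shown only to illustrate how appended data containing FF D9 defeats it."""
    idx = data.rfind(b"\xff\xd9")
    return 0 if idx < 0 else len(data) - (idx + 2)


def build_sample_jpeg() -> bytes:
    """Constructed minimal JPEG skeleton: structurally valid (SOI, APP0/JFIF,
    SOS header, entropy data with a stuffed byte and an RST marker, EOI),
    though not a decodable picture."""
    app0 = b"\xff\xe0" + (16).to_bytes(2, "big") + b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    sos = b"\xff\xda" + (8).to_bytes(2, "big") + b"\x01\x01\x00\x00\x3f\x00"
    scan = b"\x12\x34\xff\x00\x56\xff\xd0\x78"
    return b"\xff\xd8" + app0 + sos + scan + b"\xff\xd9"


def build_polyglot_sample() -> bytes:
    """The same skeleton with the constructed payload appended after EOI."""
    return build_sample_jpeg() + PAYLOAD


if __name__ == "__main__":
    for name, blob in (("clean", build_sample_jpeg()), ("polyglot", build_polyglot_sample())):
        info = trailing_payload(blob)
        print(f"{name}: image ends at {info['image_end']}, "
              f"{info['trailing_bytes']} trailing bytes, preview {info['preview']!r}, "
              f"naive count {naive_trailing_bytes(blob)}")
```

Run against a directory of downloaded images, a nonzero `trailing_bytes` on a file that still opens normally in a viewer is the condition worth escalating; the `preview` field gives the first bytes of the tail so an analyst can tell a script header or archive magic from harmless metadata at a glance.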

"Passwort" Episode 25: State-sanctioned snooping software

This time the podcast hosts take on a controversial topic: companies install malware through security vulnerabilities, and they do so on behalf of the state.

heise.de/news/Passwort-Folge-2

heise online · "Passwort" Episode 25: State-sanctioned snooping software
Replied in thread

@stonehead Hi! I'm glad you asked because I'm sure there are many more people wondering about the same thing! :)

Yes, there is always a risk when you download something from open sources. However, you really cannot trust official sources either. A good example is Sony's rootkit scandal. [1][2]

Doing basic internet "hygiene" will protect you from most viruses, though. Having a decent virus scanner will do wonders [3], and the rest comes down to common sense. Be very careful with executables, keep your software (like PDF readers) up to date, look for settings to turn off scripts, and perhaps consider sanitizing your PDFs before opening them. [4][5]

An interesting point on the aforementioned website is the following:

"With budgets getting tighter, we understand the appeal of free antivirus software. While there have been great changes in free subscriptions, the most notable being they now offer real-time malware protection, they are still minimal compared to a full antivirus security suite.

There are some exceptions, but most free antivirus programs don't offer web protections. This means they won't stop malware from downloading if you accidentally click on a malicious link. They will snatch it before it has a chance to infect your computer, but we feel better when a threatening file doesn't get that far into the process."

I hope this helped you on your way, and if not, do let me know! :)

----------

[1] theregister.com/2005/11/01/son
[2] theregister.com/2021/12/10/aut
[3] techradar.com/best/best-free-a (go to the product's websites manually to avoid tracking through links)
[4] github.com/Kerbalnut/Sanitize-
[5] webpdf.de/en/pdf-redact-and-sa

----------

The Register · Removing Sony's CD 'rootkit' kills Windows, by Andrew Orlowski
#pdf #security #virus