OTX Bot<p>AI-Generated Malware in Panda Image Hides Persistent Linux Threat</p><p>A sophisticated Linux malware campaign called Koske has been discovered, showing signs of AI-assisted development. The threat exploits misconfigured servers to install backdoors and download weaponized JPEG images containing malicious payloads. The malware uses polyglot file abuse to hide shellcode within images, deploys a userland rootkit, and employs various persistence techniques. It aggressively manipulates network settings to ensure command-and-control communication. The malware supports 18 different cryptocurrencies and adapts its mining strategy based on the host's capabilities. The code structure and adaptability suggest AI involvement in its creation, marking a concerning shift in malware development and posing significant challenges for cybersecurity defenses.</p><p>Pulse ID: 68828d2d536ef213a5f043b8<br>Pulse Link: <a href="https://otx.alienvault.com/pulse/68828d2d536ef213a5f043b8" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">otx.alienvault.com/pulse/68828</span><span class="invisible">d2d536ef213a5f043b8</span></a> <br>Pulse Author: AlienVault<br>Created: 2025-07-24 19:44:45</p><p>Be advised, this data is unverified and should be considered preliminary. Always do further verification.</p><p><a href="https://social.raytec.co/tags/BackDoor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BackDoor</span></a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoSec</span></a> <a href="https://social.raytec.co/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Linux</span></a> <a href="https://social.raytec.co/tags/Malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Malware</span></a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OTX</span></a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenThreatExchange</span></a> <a href="https://social.raytec.co/tags/RAT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RAT</span></a> <a href="https://social.raytec.co/tags/Rootkit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Rootkit</span></a> <a href="https://social.raytec.co/tags/ShellCode" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ShellCode</span></a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bot</span></a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AlienVault</span></a></p>
eupolicy.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
This Mastodon server is a friendly and respectful discussion space for people working in areas related to EU policy. When you request to create an account, please tell us something about you.
Administered by:
Server stats:
192active users
eupolicy.social: About · Profiles directory · Privacy policy
Mastodon: About · Get the app · Keyboard shortcuts · View source code · v4.4.1
#shellcode
0 posts · 0 participants · 0 posts today
h o ʍ l e t t<p>→ <a href="https://mamot.fr/tags/Speedrunners" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Speedrunners</span></a> are <a href="https://mamot.fr/tags/vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vulnerability</span></a> researchers, they just don't know it yet<br><a href="https://zetier.com/speedrunners-are-vulnerability-researchers/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">zetier.com/speedrunners-are-vu</span><span class="invisible">lnerability-researchers/</span></a></p><p>“Super Mario World runners will place items in extremely precise locations so that the X,Y coordinates form <a href="https://mamot.fr/tags/shellcode" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>shellcode</span></a> they can jump to with a dangling reference. Legend of <a href="https://mamot.fr/tags/Zelda" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Zelda</span></a>: Ocarina of Time players will do heap grooming and write a <a href="https://mamot.fr/tags/function" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>function</span></a> pointer […] so the game “wrong warps” directly to the <a href="https://mamot.fr/tags/end" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>end</span></a> <a href="https://mamot.fr/tags/credit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>credit</span></a> sequence… with nothing more than a <a href="https://mamot.fr/tags/game" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>game</span></a> <a href="https://mamot.fr/tags/controller" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>controller</span></a> and a steady <a href="https://mamot.fr/tags/hand" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>hand</span></a>”</p><p><a href="https://mamot.fr/tags/Mario" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Mario</span></a></p>
TrendingLive feeds
Mastodon is the best way to keep up with what's happening.
Follow anyone across the fediverse and see it all in chronological order. No algorithms, ads, or clickbait in sight.
Create accountLoginDrag & drop to upload