• Hello and welcome! Register to enjoy full access and benefits:

    • Advertise in the Marketplace section for free.
    • Get more visibility with a signature link.
    • Company/website listings.
    • Ask & answer queries.
    • Much more...

    Register here or log in if you're already a member.

  • 🎉 WHV has crossed 10,000 monthly views and 50,000 clicks per month, as per Google Analytics! Thank you for your support! 🎉

Koske Cryptominer Rootkit Hides in Panda Pictures on Linux Servers

johny899

johny899

New Member
Content Writer
Messages
151
Reaction score
2
Points
23
Balance
$112.9USD
Let me tell you something unusual—a panda photo that is actually a hacking tool. Sounds absurd, right? Believe it, though. This is Koske, and if you're running Linux servers, then you should know about it.

What Is Koske and Why It Is Bad?​

Koske is not some boring virus. It's sophisticated and sneaky.

Here's how it works:
  • It pretends to be a sweet and harmless-looking panda picture.
  • The photo, though, also contains hidden code.
  • When an innocent user opens the photo on the wrong kind of server (like one that has JupyterLab installed on it), the hidden code runs.
It goes on to build a secret program to do cryptocurrency mining (basically, it makes use of your server's processing power to generate money for hackers).

Would you ever think a panda photo was capable of doing such a thing? Yeah, me neither.

How Koske Hides So Well​

What really amazed me is how well hidden it stays. It doesn't want to come out once it's in.

Here's what it does:
  • Adds tasks to run every time the server starts.
  • Plays tricks to hide its files and running programs.
  • Spits on your firewall rules to leave the door open.
  • Modifies your DNS settings (these tell your server where to connect online).
It pretty much becomes invisible.

What Is It Mining?​

Koske is programmed to mine 18 different cryptocurrencies. It checks your server to find out what's suitable to mine based on your CPU or GPU.

Some awesome (and scary) tricks:
  • If a coin doesn't work, it falls back on another one.
  • If a server rejects it, it bypasses it.
This thing just won't stop.

Why You Should Care​

The developers of Koske probably used AI software. Some of the coding seems to have been done by someone akin to ChatGPT. There are indications that it is Serbian, but one can never be certain.

If your Linux server is running and not properly secured, Koske can penetrate.

Cute Pandas Can Be Harmful ????​

So, yea… the next time you see a cute panda photo, maybe don't believe it so fast. Koske is sly, subtle, and strong.

Secure your servers. Shut down ports. Patch your programs. Look for strange files.

Ever seen something like this before? Let me know!
 
You must log in or register to reply here.

Support / Help Desk

Blog - (WHV)

Hosting Reviews

Navigation

  1. WHV Forums
    1. WHV - Announcements
    2. General Discussion
    3. Introduction
    4. Web Hosting Forum
    5. Help
    6. News
  2. Marketplace
    1. VPS Offers
    2. Dedicated Server Offers
    3. Shared Hosting Offers
    4. Reseller Hosting Offers
    5. Other Offers (Not Hosting)
    6. Domains
  3. Web Hosting Discussion
    1. Hosting Software & Control Panels
    2. Other Hosting Tutorials
    3. Reviews
    4. Articles
    5. Offtopic
  4. Web Hosting Tutorials
    1. cPanel Tutorials
    2. WHM Reseller Tutorials
    3. DirectAdmin Tutorials
    4. Blesta Tutorials
    5. WHMCS Tutorials
  5. Hosting Extensions
    1. WHMCS Market
    2. Blesta Market
    3. HostBill Market
Top