Checkmarx
Unmasking Soco404 and Koske
Hey guys, it's Veronica from Checkmarx.
Today we're diving into the world of malware, specifically two campaigns that are shaking up cloud services with some serious cryptomining attacks.
Recently, threat hunters uncovered two distinct malware campaigns, codenamed Soco404 and Koske.
These campaigns are targeting vulnerabilities and misconfigurations in cloud environments to deploy cryptocurrency miners.
How cool—and terrifying—is that? Our researcher friends from Wiz and Aqua have been on the front lines, revealing how these threats operate. Soco404 is particularly interesting because it targets both Linux and Windows systems, using platform-specific malware.
The clever part? It disguises its malicious activity as legitimate system processes.
Imagine that! The attackers embed their payloads in fake 404 HTML pages hosted on Google Sites.
Thankfully, Google has taken down those bogus sites, but the threat remains. This campaign has been known to exploit weak credentials in services like Apache Tomcat and even targets publicly accessible PostgreSQL instances.
Once they gain access, they can run arbitrary shell commands on the host, achieving remote code execution.
It's like a digital heist, and the attackers are using a variety of tools to scan for exposed services, making their approach highly opportunistic. Now, let's talk about Koske.
This new Linux threat is suspected to have been developed with the help of a large language model.
It uses seemingly innocent images of pandas to propagate the malware.
The attack kicks off by exploiting a misconfigured server, like JupyterLab, to install scripts from JPEG images.
These scripts include a rootkit that hides malicious files and a shell script that downloads cryptocurrency miners.
It's all executed in memory to avoid detection—sneaky, right? The end goal of Koske is to deploy optimized cryptocurrency miners that can mine multiple coins, including Monero and Ravencoin.
The technique they use is fascinating—malicious payloads are appended to valid JPG files, allowing them to bypass antivirus tools.
This isn't just clever; it's a new frontier in the battle between cybersecurity and cyber threats. So, as we wrap up, remember that the landscape of AI and cybersecurity is constantly evolving.
Stay curious and keep on learning how these developments can help us push things forward in this crazy time we're living in.
I'm Veronica and we are Checkmarx.
And as always, until next time - Stay safe. Stay secured.
Veronica Marks, Chief Storyteller
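The Koske technique described above relies on one property of the JPEG format: viewers stop reading at the End-Of-Image marker (0xFF 0xD9), so anything appended after it is invisible to the image but still present on disk. The following defender-side check is an added example written for this page; it is not code from Checkmarx, Wiz or Aqua, and the sample bytes it scans are constructed here rather than taken from any real Koske image. It walks the JPEG segment structure (APPn, SOS, entropy-coded data with byte-stuffing and restart markers) to locate the genuine EOI, then reports whatever trails it, which is more robust than searching for the last 0xFFD9 in the file.

```python
"""Flag JPEG files that carry data after the End-Of-Image (EOI) marker.

Added example for this page (not Checkmarx/Wiz/Aqua code). The sample image
built by build_sample() is a minimal constructed JPEG skeleton, not a real
picture and not a real malware sample.
"""
from __future__ import annotations

SOI, EOI, SOS = 0xD8, 0xD9, 0xDA
# Markers that carry no length field: SOI, EOI, TEM and the restart markers RST0-RST7.
STANDALONE = {0xD8, 0xD9, 0x01} | set(range(0xD0, 0xD8))


def find_eoi_offset(data: bytes) -> int | None:
    """Return the offset just past the first structurally valid EOI marker, or None."""
    if len(data) < 2 or data[0] != 0xFF or data[1] != SOI:
        return None  # not a JPEG at all
    pos = 2
    while pos + 1 < len(data):
        if data[pos] != 0xFF:
            return None  # a marker was expected here; treat the file as malformed
        marker = data[pos + 1]
        if marker == 0xFF:
            pos += 1  # fill bytes (0xFF 0xFF ...) may precede a marker
            continue
        pos += 2
        if marker == EOI:
            return pos
        if marker in STANDALONE:
            continue
        if pos + 2 > len(data):
            return None
        seg_len = int.from_bytes(data[pos:pos + 2], "big")  # length includes its own 2 bytes
        if seg_len < 2:
            return None
        pos += seg_len
        if marker == SOS:
            # Entropy-coded data follows the SOS header. Inside it, 0xFF is always
            # byte-stuffed as 0xFF 0x00, and restart markers 0xFFD0-0xFFD7 may occur;
            # anything else after 0xFF is the next real marker (another SOS or EOI).
            while pos + 1 < len(data):
                nxt = data[pos + 1]
                if data[pos] == 0xFF and nxt != 0x00 and not (0xD0 <= nxt <= 0xD7):
                    break
                pos += 1
    return None


def appended_payload(data: bytes) -> bytes:
    """Return the bytes that follow the EOI marker (empty if clean or malformed)."""
    end = find_eoi_offset(data)
    return b"" if end is None else data[end:]


def looks_like_script(payload: bytes) -> bool:
    """Cheap triage: a shebang, or mostly printable ASCII, suggests appended script text."""
    if not payload:
        return False
    if payload.startswith(b"#!"):
        return True
    printable = sum(32 <= b < 127 or b in (9, 10, 13) for b in payload)
    return printable / len(payload) > 0.9


def build_sample(payload: bytes) -> bytes:
    """Construct a minimal JPEG skeleton (SOI, APP0, SOS, entropy data, EOI) plus payload."""
    app0 = b"\xff\xe0" + (16).to_bytes(2, "big") + b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    sos = b"\xff\xda" + (8).to_bytes(2, "big") + b"\x01\x01\x00\x00\x3f\x00"
    # Entropy-coded data containing a stuffed 0xFF00 and a restart marker 0xFFD0.
    scan = b"\x12\x34\xff\x00\x56\xff\xd0\x78"
    return b"\xff\xd8" + app0 + sos + scan + b"\xff\xd9" + payload


# Constructed sample payload for the demonstration (not a real malware script).
SAMPLE_PAYLOAD = b"#!/bin/sh\necho constructed-sample\n"


def scan_report(data: bytes) -> dict:
    """Summarise a file for a triage pipeline: trailing byte count and script-likeness."""
    trailing = appended_payload(data)
    return {"trailing_bytes": len(trailing), "script_like": looks_like_script(trailing)}


if __name__ == "__main__":
    print(scan_report(build_sample(b"")))
    print(scan_report(build_sample(SAMPLE_PAYLOAD)))
```

In a real pipeline you would run `scan_report` over image uploads or over files found in a compromised container's writable layers and alert on any non-zero `trailing_bytes`; some legitimate cameras and editors do append small metadata blobs, so the `script_like` flag is what separates a curiosity from an incident.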