Hackers are using AI and panda images to infect Linux machines -- here's how

Aqua Security’s Nautilus research team has identified a new Linux malware called "Koske" which may be the first publicly documented case of AI-assisted malware.

Disguised as innocuous JPEG images of pandas, Koske delivers cryptominers and a userland rootkit using code that appears to have been shaped by large language models, suggesting attackers are now adopting the same AI tools defenders use.


The campaign begins with the attackers exploiting a misconfigured JupyterLab instance. From there, they download the panda images, which double as payload carriers, from free hosting services.

These JPEGs carry hidden shell scripts and compiled C code appended after the end of the image, a technique known as polyglot file abuse: the file is a valid picture and a payload container at the same time.

Unlike steganography, which hides content inside the pixel data itself, this technique simply tacks the code onto the end of the file. Image viewers and most scanners stop at the JPEG End of Image marker (the bytes FF D9), so the picture still displays normally and the trailing bytes go unnoticed.

The malware extracts those components and executes them directly in memory, which leaves little on disk for traditional file-scanning antivirus tools to detect.
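As an added illustration (not code from the article or from Aqua's report), the following C program walks the JPEG marker structure to find the real End of Image marker and reports how many bytes follow it. The sample image bytes and the appended script text are constructed for the example; the parser itself relies only on the marker rules of the JPEG format.

```c
/* jpeg_trailer.c: find the outer EOI marker of a JPEG and count what follows it.
 * Build: cc -o jpeg_trailer jpeg_trailer.c */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Returns the number of bytes after the outer End of Image marker (0 for a
 * clean file), or -1 if the buffer is not a parseable JPEG. */
long jpeg_trailing_bytes(const uint8_t *buf, size_t len)
{
    if (len < 4 || buf[0] != 0xFF || buf[1] != 0xD8)
        return -1;                                  /* no SOI marker */
    size_t pos = 2;
    while (pos + 1 < len) {
        if (buf[pos] != 0xFF)
            return -1;                              /* a marker was expected here */
        uint8_t m = buf[pos + 1];
        if (m == 0xFF) { pos++; continue; }         /* fill byte before a marker */
        if (m == 0xD9) return (long)(len - (pos + 2)); /* EOI: the rest is trailer */
        pos += 2;
        if (m == 0xD8 || m == 0x01 || (m >= 0xD0 && m <= 0xD7))
            continue;                               /* standalone markers carry no length */
        if (pos + 2 > len) return -1;
        size_t seglen = ((size_t)buf[pos] << 8) | buf[pos + 1];
        if (seglen < 2 || pos + seglen > len) return -1;
        pos += seglen;          /* skips APPn payloads, EXIF thumbnails included */
        if (m == 0xDA) {
            /* Entropy-coded scan data: an FF inside the scan is always stuffed
             * (FF 00) or an RSTn marker, so the first other FF xx is the next marker. */
            while (pos + 1 < len) {
                uint8_t b = buf[pos + 1];
                if (buf[pos] == 0xFF && b != 0x00 && b != 0xFF && !(b >= 0xD0 && b <= 0xD7))
                    break;
                pos++;
            }
        }
    }
    return -1;                                      /* ran out of data before EOI */
}

/* Constructed sample: a minimal JPEG whose APP1 segment contains a nested
 * SOI/EOI pair (as EXIF thumbnails do), followed by an arbitrary trailer. */
size_t build_sample(uint8_t *out, size_t cap, const uint8_t *tail, size_t taillen)
{
    static const uint8_t img[] = {
        0xFF, 0xD8,                                             /* SOI */
        0xFF, 0xE1, 0x00, 0x06, 0xFF, 0xD8, 0xFF, 0xD9,         /* APP1 holding a nested SOI/EOI */
        0xFF, 0xDA, 0x00, 0x08, 0x01, 0x01, 0x00, 0x00, 0x3F, 0x00, /* SOS header, one component */
        0x12, 0x34, 0xFF, 0x00, 0x56,                           /* scan data with a stuffed FF 00 */
        0xFF, 0xD9                                              /* the real EOI */
    };
    if (sizeof img + taillen > cap) return 0;
    memcpy(out, img, sizeof img);
    memcpy(out + sizeof img, tail, taillen);
    return sizeof img + taillen;
}

/* Build the sample with the given trailer and measure it. */
long sample_trailing(const uint8_t *tail, size_t taillen)
{
    uint8_t buf[1024];
    size_t n = build_sample(buf, sizeof buf, tail, taillen);
    return n ? jpeg_trailing_bytes(buf, n) : -1;
}

int main(int argc, char **argv)
{
    if (argc != 2) { fprintf(stderr, "usage: %s file.jpg\n", argv[0]); return 2; }
    FILE *f = fopen(argv[1], "rb");
    if (!f) { perror("fopen"); return 2; }
    fseek(f, 0, SEEK_END);
    long sz = ftell(f);
    rewind(f);
    uint8_t *buf = malloc(sz > 0 ? (size_t)sz : 1);
    if (!buf || fread(buf, 1, (size_t)sz, f) != (size_t)sz) { perror("read"); return 2; }
    fclose(f);
    long t = jpeg_trailing_bytes(buf, (size_t)sz);
    if (t < 0) printf("%s: not a parseable JPEG\n", argv[1]);
    else if (t == 0) printf("%s: clean, nothing after EOI\n", argv[1]);
    else printf("%s: %ld trailing bytes after EOI, starting at offset %ld\n", argv[1], t, sz - t);
    free(buf);
    return t > 0;
}
```

Walking the segments matters because the naive approach, searching for the last FF D9 in the file, is wrong in both directions: an EXIF thumbnail carries its own EOI before the real one, and an appended payload can itself contain the bytes FF D9, which would make a last-match search under-report the trailer. Once the offset is known, `tail -c +$((offset + 1)) file.jpg` recovers the appended data for analysis.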

The initial payload includes a script that quietly embeds itself into various parts of the Linux system to maintain persistence. This includes editing .bashrc and .bash_logout files, modifying /etc/rc.local, and creating a custom systemd service.

The malware also sets up cron jobs to run on reboot and every 30 minutes, ensuring its presence even after system restarts.

One of the most concerning features of Koske is its second payload, a userland rootkit hidden inside another panda image.

Written in C, this rootkit hooks the readdir() function by loading a shared object through the LD_PRELOAD mechanism. Every dynamically linked program that lists a directory then sees a filtered view, which lets the rootkit hide files and directories from tools like ls and, because ps enumerates /proc, hide its processes as well.

By filtering out any items named "koske," "hideproc," or similar, it conceals its presence from administrators.

Staging its files under /dev/shm, a memory-backed tmpfs, further complicates detection: the payloads never touch persistent storage, which is where disk-focused forensic tools typically look.
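As an added example, not from the article or the researchers, this C program lists a directory two ways: through libc's readdir(), the function the rootkit hooks, and through the getdents64 system call directly, which an LD_PRELOAD hook cannot intercept. It prints the names the libc view omits. The file names in the self-check are the ones the article quotes as filtered; the scratch-directory path is an assumption.

```c
/* dirdiff.c: list a directory through the raw getdents64 syscall and through
 * libc's readdir(), then report the names readdir() did not return.
 * Build (dynamically linked, see the note below): cc -o dirdiff dirdiff.c */
#define _GNU_SOURCE
#include <dirent.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Record layout the kernel writes for getdents64. */
struct kdirent64 { uint64_t d_ino; int64_t d_off; uint16_t d_reclen; uint8_t d_type; char d_name[]; };

/* Walk a directory with SYS_getdents64 directly, so an LD_PRELOAD readdir() hook never
 * sees the call. Calls cb for every entry except "." and "..". Returns the count or -1. */
long list_via_kernel(const char *dir, void (*cb)(const char *, void *), void *ctx)
{
    int fd = open(dir, O_RDONLY | O_DIRECTORY);
    if (fd < 0) return -1;
    union { char bytes[8192]; uint64_t align; } buf;   /* keep records 8-byte aligned */
    long count = 0;
    for (;;) {
        long got = syscall(SYS_getdents64, fd, buf.bytes, sizeof buf.bytes);
        if (got < 0) { close(fd); return -1; }
        if (got == 0) break;
        for (long off = 0; off < got;) {
            struct kdirent64 *d = (struct kdirent64 *)(buf.bytes + off);
            if (strcmp(d->d_name, ".") != 0 && strcmp(d->d_name, "..") != 0) {
                count++;
                if (cb) cb(d->d_name, ctx);
            }
            off += d->d_reclen;
        }
    }
    close(fd);
    return count;
}

/* Names as libc's readdir() reports them: the view a userland rootkit filters. */
struct diff_ctx { char **seen; size_t n; long hidden; FILE *out; };

static void check_name(const char *name, void *p)
{
    struct diff_ctx *c = p;
    for (size_t i = 0; i < c->n; i++)
        if (strcmp(c->seen[i], name) == 0) return;       /* readdir() showed it */
    c->hidden++;
    if (c->out) fprintf(c->out, "hidden from readdir(): %s\n", name);
}

/* Returns how many kernel-visible entries readdir() did not report, or -1 on error.
 * Hidden names are printed to out when it is non-NULL. */
long hidden_entries(const char *dir, FILE *out)
{
    DIR *dp = opendir(dir);
    if (!dp) return -1;
    struct diff_ctx c = { NULL, 0, 0, out };
    struct dirent *e;
    while ((e = readdir(dp)) != NULL) {
        c.seen = realloc(c.seen, (c.n + 1) * sizeof *c.seen);
        c.seen[c.n++] = strdup(e->d_name);
    }
    closedir(dp);
    long rc = list_via_kernel(dir, check_name, &c);
    for (size_t i = 0; i < c.n; i++) free(c.seen[i]);
    free(c.seen);
    return rc < 0 ? -1 : c.hidden;
}

/* Self-check on a scratch directory holding names the article says the rootkit filters
 * (constructed sample). Returns the kernel-side count, 3, if nothing is hidden, else -1. */
int demo_tmpdir(void)
{
    static const char *names[] = { "koske", "hideproc", "normal.txt" };
    char dir[] = "/tmp/dirdiff-XXXXXX", path[512];   /* assumed scratch location */
    if (!mkdtemp(dir)) return -1;
    for (int i = 0; i < 3; i++) {
        snprintf(path, sizeof path, "%s/%s", dir, names[i]);
        int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
        if (fd < 0) return -1;
        close(fd);
    }
    long kernel = list_via_kernel(dir, NULL, NULL), hidden = hidden_entries(dir, NULL);
    for (int i = 0; i < 3; i++) { snprintf(path, sizeof path, "%s/%s", dir, names[i]); unlink(path); }
    rmdir(dir);
    return hidden == 0 ? (int)kernel : -1;
}

int main(int argc, char **argv)
{
    const char *dir = argc > 1 ? argv[1] : "/proc";
    long h = hidden_entries(dir, stdout);
    if (h < 0) { perror(dir); return 2; }
    printf("%s: %ld entries hidden from readdir()\n", dir, h);
    return h > 0;
}
```

Keep the checker dynamically linked and run it in the environment where the hook is active (an exported LD_PRELOAD, or an entry in /etc/ld.so.preload, which applies to every dynamically linked process): only then does the readdir() side show the filtered view while the syscall side shows the truth. A statically linked build ignores LD_PRELOAD entirely, which makes it a trustworthy listing to diff against ls by hand, but it will never report a difference on its own. Listing /proc can produce transient false positives as processes start and exit between the two walks, so rerun before acting on a hit, and remember that a rootkit hooking getdents64 itself, or one living in the kernel, is outside what this check can see.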

Koske also works to sidestep network defenses. It resets proxy settings, flushes iptables firewall rules, and rewrites the system's resolver configuration (/etc/resolv.conf on most Linux systems) to point at Google and Cloudflare public DNS servers, then locks the file with chattr +i so the change cannot be undone without first clearing the immutable attribute. This makes it more likely that its command-and-control traffic will get past local DNS filtering and host firewall restrictions.
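An added check for the two resolver changes described above (example code, not Aqua's): it parses the nameserver lines of a resolv.conf-style file and queries the inode flags with the same FS_IOC_GETFLAGS ioctl that lsattr uses, to see whether the file has been made immutable. The addresses it tests for are the well-known Google (8.8.8.8, 8.8.4.4) and Cloudflare (1.1.1.1, 1.0.0.1) public resolvers; the article names the providers, not the exact IPs, so that list is an assumption, and the sample file contents are constructed.

```c
/* resolvcheck.c: flag a resolver config that lists only public resolvers and/or
 * has been locked with the immutable attribute (chattr +i).
 * Build: cc -o resolvcheck resolvcheck.c */
#include <fcntl.h>
#include <linux/fs.h>
#include <stdio.h>
#include <string.h>
#include <sys/ioctl.h>
#include <unistd.h>

#define RC_IMMUTABLE   1   /* file carries FS_IMMUTABLE_FL, i.e. chattr +i */
#define RC_PUBLIC_ONLY 2   /* every nameserver is a well-known public resolver */

/* The query lsattr makes: read the inode flags and test the immutable bit.
 * Returns 1 or 0, or -1 if the file cannot be opened or the fs lacks the ioctl. */
int is_immutable(const char *path)
{
    int fd = open(path, O_RDONLY | O_NONBLOCK);
    if (fd < 0) return -1;
    int flags = 0;
    int rc = ioctl(fd, FS_IOC_GETFLAGS, &flags);
    close(fd);
    if (rc < 0) return -1;
    return (flags & FS_IMMUTABLE_FL) ? 1 : 0;
}

/* Assumption: the Google and Cloudflare public DNS addresses the article refers to. */
static const char *public_resolvers[] = { "8.8.8.8", "8.8.4.4", "1.1.1.1", "1.0.0.1", NULL };

static int is_public(const char *ip)
{
    for (int i = 0; public_resolvers[i]; i++)
        if (strcmp(ip, public_resolvers[i]) == 0) return 1;
    return 0;
}

/* Parse nameserver lines and check the immutable bit.
 * Returns a bitmask of RC_* findings (0 = nothing suspicious), or -1 if unreadable. */
int check_resolv_conf(const char *path)
{
    FILE *f = fopen(path, "r");
    if (!f) return -1;
    char line[256], ip[64];
    int servers = 0, public = 0;
    while (fgets(line, sizeof line, f)) {
        if (sscanf(line, " nameserver %63s", ip) == 1) {   /* comments start with '#' and never match */
            servers++;
            public += is_public(ip);
        }
    }
    fclose(f);
    int result = 0;
    if (servers > 0 && public == servers) result |= RC_PUBLIC_ONLY;
    if (is_immutable(path) == 1) result |= RC_IMMUTABLE;
    return result;
}

/* Write a constructed resolv.conf body to path for testing; returns 0 on success. */
int write_sample(const char *path, const char *body)
{
    FILE *f = fopen(path, "w");
    if (!f) return -1;
    fputs(body, f);
    return fclose(f);
}

int main(int argc, char **argv)
{
    const char *path = argc > 1 ? argv[1] : "/etc/resolv.conf";
    int r = check_resolv_conf(path);
    if (r < 0) { perror(path); return 2; }
    printf("%s:%s%s%s\n", path,
           (r & RC_IMMUTABLE) ? " immutable" : "",
           (r & RC_PUBLIC_ONLY) ? " public-resolvers-only" : "",
           r == 0 ? " no findings" : "");
    return r != 0;
}
```

Pointing at public resolvers is legitimate on plenty of hosts, so RC_PUBLIC_ONLY alone is a weak signal; the combination with the immutable bit is what should page someone, because administrators rarely chattr +i their resolver config. `lsattr /etc/resolv.conf` gives the same answer from the shell, and the file must be unlocked with `chattr -i` before it can be restored.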

The malware doesn’t stop at persistence and stealth. It also demonstrates adaptive behavior that suggests AI assistance.

Koske uses a script named get_working_proxy to run layered diagnostics and automatically resolve network issues. If GitHub access fails, it methodically flushes firewall rules, resets proxy configurations, and tests various SOCKS5 and HTTP proxies pulled from online lists.

These troubleshooting and remediation features point toward automation capabilities that go beyond standard malware.

Its mining logic is also versatile. Koske evaluates the host’s hardware to determine whether to deploy a CPU or GPU miner, then selects from 18 supported cryptocurrencies, including Monero, Ravencoin, and Nexa.

If mining fails, the malware can switch to alternative coins or pools without intervention. The miner binary appears to be hosted on a GitHub account created solely for this campaign, reinforcing the idea of purpose-built infrastructure.

AI attacking Linux

Several elements of the codebase stand out as possible indicators of AI assistance. Aqua Security says the scripts are verbose and well-commented, the logic is clean and modular, and the code reflects common defensive programming techniques.

Some functions also contain Serbian-language strings, possibly as a way to mask origin or redirect attribution.

The Aqua Security team believes Koske is a preview of a much larger shift in cyber threats. While organizations have begun adopting AI for detection and automation, attackers may now be doing the same.

AI can generate polymorphic code, build in adaptive features, and obscure linguistic signatures, all of which make attribution and detection harder.

To respond to this type of evolving threat, Aqua recommends closely monitoring modifications to shell configuration files such as .bashrc and .bash_logout, along with unusual startup activity in /etc/rc.local, cron and systemd. Changes to DNS settings, a resolver configuration that suddenly carries the immutable attribute, or the creation of new systemd services should trigger alerts.

Container security tools should also be configured to block execution of unknown binaries and to prevent the library preloading (LD_PRELOAD) that userland rootkits such as this one rely on.

Koske is not just another cryptominer, Aqua warns. It is part of a larger trend where malware evolves in sophistication not only through human ingenuity but also with the aid of AI. Whether that AI is used to refine code, improve stealth, or adapt to host environments, the implications are that attackers are learning fast, and defenders must be ready to respond.


© 1998-2025 BetaNews, Inc. All Rights Reserved.