
Hackers Use Panda Photos to Spread AI Malware

  • Written by Kiara Fabbri Former Tech News Writer
  • Fact-Checked by Sarah Frazier Former Content Manager

Security researchers have identified a powerful Linux malware called Koske, which they say may have been developed with artificial intelligence.

In a rush? Here are the quick facts:

  • Koske malware spreads via panda JPEGs containing hidden rootkits.
  • Researchers suspect Koske’s code was generated with artificial intelligence.
  • It bypasses antivirus tools and hides processes using system manipulation.

Aqua Nautilus discovered this sophisticated, persistent cryptomining tool, which spreads through weaponized image files, specifically JPEGs of pandas.

“The line between human and machine-generated threats is starting to blur,” Aqua’s Assaf Morag warned. Koske exploits misconfigured servers, particularly JupyterLab instances, and uses dual-purpose image files to hide its payload.

The files appear as normal images, yet they contain programming code that establishes rootkits and shell scripts directly into a system’s memory, bypassing traditional antivirus tools.

Rahjerdi and the team discovered that the malware modifies system files such as ‘.bashrc’ and establishes harmful cron jobs and systemd services, which maintain its operation after system restarts. The attackers modify network configurations, DNS settings, and security rule configurations to keep access open while evading detection.

The malware contains a rootkit, embedded within a panda image, that uses ‘LD_PRELOAD’ to hijack the Linux ‘readdir()’ function. The infected files, together with the malware’s processes, become completely invisible to users. The malware retrieves cryptomining tools from a GitHub repository created solely for this purpose.
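The two mechanisms described above, persistence through ‘.bashrc’, cron jobs and systemd units, and an ‘LD_PRELOAD’ hook on ‘readdir()’ that hides files and processes, can both be checked for from the defender’s side. The script below is an added example written for this article; it is not code from Aqua Nautilus or from the Koske sample, and its pattern list is a constructed heuristic. It assumes that the hook filters only directory enumeration, so a ‘stat()’ on a guessed ‘/proc/<pid>’ path still succeeds for a hidden process, which is what makes the cross-check possible.

```python
import os
import re

# Added detection helper, not from the Aqua Nautilus report. Assumption: the
# rootkit filters entries from readdir()-based listings only, so stat() on a
# guessed /proc/<pid> path still succeeds for a process it is hiding.

LD_PRELOAD_FILE = "/etc/ld.so.preload"


def visible_pids(proc="/proc"):
    """PIDs as enumerated through readdir(); a hooked readdir() can filter these."""
    return {int(name) for name in os.listdir(proc) if name.isdigit()}


def probed_pids(proc="/proc", max_pid=None):
    """PIDs confirmed by stat() on /proc/<pid>, without enumerating the directory."""
    if max_pid is None:
        with open("/proc/sys/kernel/pid_max") as fh:
            max_pid = int(fh.read())
    return {pid for pid in range(1, max_pid + 1) if os.path.exists(f"{proc}/{pid}")}


def hidden_pids(visible, probed):
    """Processes that stat() confirms but readdir() never returned."""
    return probed - visible


def find_hidden_processes(proc="/proc", max_pid=None):
    """Live cross-check with a second pass to drop processes that merely started mid-scan."""
    candidates = hidden_pids(visible_pids(proc), probed_pids(proc, max_pid))
    still_visible = visible_pids(proc)
    return sorted(p for p in candidates
                  if p not in still_visible and os.path.exists(f"{proc}/{p}"))


def preload_libraries(text):
    """Parse /etc/ld.so.preload content; on most hosts the file should be absent or empty."""
    return [ln.strip() for ln in text.splitlines()
            if ln.strip() and not ln.strip().startswith("#")]


# Constructed heuristic: download-and-pipe-to-shell, decoded blobs, detached
# processes, preload tampering and miner pool URIs in startup files, crontabs or units.
SUSPICIOUS = re.compile(
    r"(curl|wget)\s.*\|\s*(ba)?sh"
    r"|base64\s+(-d|--decode)"
    r"|\bnohup\s"
    r"|LD_PRELOAD="
    r"|/dev/tcp/"
    r"|stratum\+tcp",
    re.IGNORECASE,
)


def suspicious_shell_lines(text):
    """(line number, line) pairs in a startup file or unit that match the patterns above."""
    return [(n, ln) for n, ln in enumerate(text.splitlines(), 1) if SUSPICIOUS.search(ln)]


def scan_startup_files(paths):
    """Run the line heuristic over whichever of the given files exist and are readable."""
    findings = {}
    for path in paths:
        try:
            with open(path, errors="replace") as fh:
                hits = suspicious_shell_lines(fh.read())
        except OSError:
            continue
        if hits:
            findings[path] = hits
    return findings


if __name__ == "__main__":
    # Live run on the current host (requires Linux; probing up to pid_max takes a few seconds).
    print("hidden processes:", find_hidden_processes())
    if os.path.exists(LD_PRELOAD_FILE):
        with open(LD_PRELOAD_FILE) as fh:
            print("preloaded libraries:", preload_libraries(fh.read()))
    print("suspicious startup lines:", scan_startup_files([
        os.path.expanduser("~/.bashrc"), "/etc/crontab", "/etc/rc.local"]))
```

The process check is the part that survives a readdir-only rootkit: ‘ps’ and ‘ls /proc’ both go through the hooked function, whereas probing each PID by path does not. The preload and startup-file checks are ordinary configuration review and produce leads, not verdicts; a legitimate preload entry or a genuine ‘nohup’ in a user’s shell profile will also match.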

The malware can even adapt in real-time by testing proxies and switching mining targets based on hardware capabilities.

“Koske represents a chilling benchmark in the evolution of malware,” Morag said. “It signals a future where malware authors harness AI to outpace traditional defenses,” Morag concluded.


Tea App Breach Exposes 1.1M Private Messages in Second Major Security Flaw

  • Written by Kiara Fabbri Former Tech News Writer
  • Fact-Checked by Sarah Frazier Former Content Manager

Tea, the women’s dating app, suffered its second data breach, revealing over one million private messages containing personal details.

In a rush? Here are the quick facts:

  • Tea app’s second breach exposed 1.1 million private user messages.
  • Sensitive chats include discussions on cheating, abortions, and phone numbers.
  • Real identities were easy to uncover despite anonymous usernames.

This new breach exposed 1.1 million private messages between users, which revealed conversations about cheating partners, abortions, and personal details including phone numbers.

The independent researcher Kasra Rahjerdi discovered this issue, and 404 Media then reviewed and verified the data.

Unlike the first breach, which involved an old Firebase database, this latest exposure involved a newer database and included messages as recent as last week. According to Rahjerdi, the flaw allowed any Tea user to use their API key to access the private chats.
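The flaw described here, a valid API key of one user being enough to read other users’ private chats, is a missing object-level authorization check: the server confirmed who was calling but not whether the caller belonged to the conversation requested. The following is an added illustration, not Tea’s code or an account of its actual implementation; the store, key table and function names are hypothetical, and the message text is constructed.

```python
from dataclasses import dataclass, field

# Added example, not Tea's code. A toy in-memory store stands in for the real
# database; all names here are hypothetical.


@dataclass
class Conversation:
    id: str
    participants: frozenset
    messages: list = field(default_factory=list)


# Constructed sample data: API keys map to user ids; two private conversations.
API_KEYS = {"key-alice": "alice", "key-bob": "bob", "key-mallory": "mallory"}
CONVERSATIONS = {
    "c1": Conversation("c1", frozenset({"alice", "bob"}), ["msg-1", "msg-2"]),
    "c2": Conversation("c2", frozenset({"alice", "carol"}), ["msg-3"]),
}


class Unauthorized(Exception):
    """No valid API key was presented."""


class Forbidden(Exception):
    """The caller is authenticated but may not access this object."""


def authenticate(api_key):
    """Authentication: who is calling? Says nothing about what they may read."""
    try:
        return API_KEYS[api_key]
    except KeyError:
        raise Unauthorized("unknown API key") from None


def get_messages_vulnerable(api_key, conversation_id):
    """Authentication only: any valid key reads any conversation by id."""
    authenticate(api_key)
    return CONVERSATIONS[conversation_id].messages


def get_messages_fixed(api_key, conversation_id):
    """Authentication plus object-level authorization: caller must be a participant."""
    user = authenticate(api_key)
    conv = CONVERSATIONS.get(conversation_id)
    # One error for both "no such id" and "not yours", so the endpoint cannot be
    # used to confirm which conversation ids exist.
    if conv is None or user not in conv.participants:
        raise Forbidden("conversation not accessible")
    return conv.messages


def raises(fn, exc, *args):
    """Small helper so callers can check the failure path as a boolean."""
    try:
        fn(*args)
    except exc:
        return True
    return False
```

The check belongs at the data-access layer, not only in the client: when a mobile client talks to a hosted database directly, as the first breach’s Firebase setup suggests, the equivalent participant rule has to be enforced in the database’s own access rules, otherwise any holder of a client key can issue the query themselves.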

“It’s hard to overstate how sensitive this data is and how it could put Tea’s users at risk if it fell into the wrong hands,” 404 Media wrote.

The anonymity feature on Tea did not protect users, since it was fairly simple to reveal their identities through their message content, such as sharing names, social media profiles, and phone numbers.

Some conversations include women discovering they’re dating the same man, others discuss abortions, or identify cheating partners by describing their cars. “I am his wife,” one message says. In another, a woman warns others about her fiancé.

Tea, which has over 1.6 million users and recently topped the App Store, says it has launched an investigation and contacted law enforcement. “We are continuing to work expeditiously to contain the incident and have launched a full investigation with assistance from external cybersecurity firms,” a spokesperson told 404 Media.

The issue persisted until late last week, according to the researcher.