Threat hunters have disclosed two malware campaigns, Soco404 and Koske, which exploit exposed cloud services to deploy cryptocurrency miners on Linux and Windows systems. Both campaigns use a range of techniques, including fake web pages and memory-only payloads, to maximize reach and evade detection.
Key points
- Soco404 targets both Linux and Windows, deploying platform-specific malware to mine cryptocurrency.
- The malware uses fake 404 HTML pages hosted on Google Sites to distribute payloads.
- Exposed cloud services such as PostgreSQL, Apache Tomcat, and Atlassian Confluence are exploited for initial access.
- Koske employs polyglot file abuse and memory-only payloads, including hidden rootkits, to evade detection.
- The campaigns are part of broader crypto-scam infrastructure targeting multiple server vulnerabilities.
Read More: https://thehackernews.com/2025/07/soco404-and-koske-malware-target-cloud.html