{"id":218760,"date":"2025-07-26T04:10:01","date_gmt":"2025-07-26T09:10:01","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2025\/07\/soco404-and-koske-malware-target-cloud-services-with-cross-platform-cryptomining-attacks"},"modified":"2025-07-26T04:10:01","modified_gmt":"2025-07-26T09:10:01","slug":"soco404-and-koske-malware-target-cloud-services-with-cross-platform-cryptomining-attacks","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2025\/07\/soco404-and-koske-malware-target-cloud-services-with-cross-platform-cryptomining-attacks","title":{"rendered":"Soco404 and Koske Malware Target Cloud Services with Cross-Platform Cryptomining Attacks"},"content":{"rendered":"<p><a class=\"aligncenter blog-photo\" href=\"https:\/\/lifeboat.com\/blog.images\/soco404-and-koske-malware-target-cloud-services-with-cross-platform-cryptomining-attacks.jpg\"><\/a><\/p>\n<p>Threat hunters have disclosed two different malware campaigns that have targeted vulnerabilities and misconfigurations across cloud environments to deliver cryptocurrency miners.<\/p>\n<p>The threat activity clusters have been codenamed <strong>Soco404<\/strong> and <strong>Koske<\/strong> by cloud security firms Wiz and Aqua, respectively.<\/p>\n<p>Soco404 \u201ctargets both Linux and Windows systems, deploying platform-specific malware,\u201d Wiz researchers Maor Dokhanian, Shahar Dorfman, and Avigayil Mechtinger <a href=\"https:\/\/www.wiz.io\/blog\/soco404-multiplatform-cryptomining-campaign-uses-fake-error-pages-to-hide-payload\" rel=\"noopener\" target=\"_blank\">said<\/a>. \u201cThey use process masquerading to disguise malicious activity as legitimate system processes.\u201d<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Threat hunters have disclosed two different malware campaigns that have targeted vulnerabilities and misconfigurations across cloud environments to deliver cryptocurrency miners. The threat activity clusters have been codenamed Soco404 and Koske by cloud security firms Wiz and Aqua, respectively. Soco404 \u201ctargets both Linux and Windows systems, deploying platform-specific malware,\u201d Wiz researchers Maor Dokhanian, Shahar Dorfman, [\u2026]<\/p>\n","protected":false},"author":427,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1761,34],"tags":[],"class_list":["post-218760","post","type-post","status-publish","format-standard","hentry","category-cryptocurrencies","category-cybercrime-malcode"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/218760","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/427"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=218760"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/218760\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=218760"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=218760"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=218760"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}