Koske malware: What exactly was 'misconfigured' in exploited JupyterLab instances?

There’s this Koske malware that exploits ‘misconfigured’ public JupyterLab instances, e.g. described here:

Annoyingly, articles just state ‘misconfigured’, not mentioning any details. Last year public unauthenticated jupyterlabs were ‘exploited’ (but honestly that’s not really an exploit, that’s just an invite :sweat_smile:):

Does anyone know details about the Koske entry point via JupyterLab? Is it really as blunt as people running it publicly, unencrypted and unauthenticated?

You are right. Sorry for not clarifying this in the article.
In this case, unauthenticated JupyterLab connected to the internet. As someone said here, it’s a stupid thing to do. People do that.
In addition, people use easy-to-guess passwords (123456); we also have these kinds of honeypots, and lastly vulnerable honeypots that enable remote code execution.
At the end of the day we are trying to figure out what the attackers are doing and not how they get in because they always find ways to get in.

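As an added example (not from the article or either post above), an offline audit a defender can run over a `jupyter_server_config.py` to flag the exposure the reply describes: bound to every interface with token and password both disabled, and no TLS in front of it. The two config snippets are constructed samples and the argon2 value is a placeholder, not a real hash.

```python
import ast
import re

# Matches `c.<Class>.<trait> = <literal>` lines as written in
# jupyter_server_config.py (ServerApp, the classic NotebookApp aliases,
# and the jupyter_server 2.x IdentityProvider settings).
_ASSIGN = re.compile(r"^\s*c\.(\w+)\.(\w+)\s*=\s*(.+?)\s*$")

def parse_config(text):
    """Return {trait: value} for literal assignments; later lines win."""
    settings = {}
    for line in text.splitlines():
        m = _ASSIGN.match(line)
        if not m:
            continue
        try:
            settings[m.group(2)] = ast.literal_eval(m.group(3))
        except (ValueError, SyntaxError):
            settings[m.group(2)] = m.group(3)  # non-literal: keep raw text
    return settings

def audit(text):
    """Return finding codes for the exposure implied by this config."""
    s = parse_config(text)
    findings = []
    ip = s.get("ip", "localhost")  # Jupyter's default is localhost only
    # '*' is normalised to '' by Jupyter; both mean every interface.
    exposed = ip in ("", "*", "0.0.0.0", "::")
    if exposed:
        findings.append("BIND_ALL_INTERFACES")
    # An unset token is auto-generated; an explicit '' disables it.
    no_token = s.get("token", "<generated>") == ""
    no_password = not s.get("password") and not s.get("hashed_password")
    if no_token and no_password:
        findings.append("NO_AUTH")
    if exposed and not (s.get("certfile") and s.get("keyfile")):
        findings.append("NO_TLS")
    if s.get("allow_root") is True:
        findings.append("RUNS_AS_ROOT")
    return findings

def is_open_to_internet(findings):
    """The case from the thread: reachable by anyone, no login at all."""
    return "BIND_ALL_INTERFACES" in findings and "NO_AUTH" in findings

# Constructed samples: the weak setup beside a hardened one.
WEAK = "c.ServerApp.ip = '0.0.0.0'\nc.ServerApp.token = ''\n" \
       "c.ServerApp.password = ''\nc.ServerApp.allow_root = True\n"
HARDENED = "c.ServerApp.ip = '127.0.0.1'\n" \
           "c.PasswordIdentityProvider.hashed_password = 'argon2:<placeholder>'\n"
```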