New Jupyter Malware Is A Blend of Infostealer And Backdoor

As new threats keep emerging, researchers have found new malware in the wild. Identified as Jupyter, the malware isn’t only an infostealing trojan but also possesses full backdoor functionality.

Jupyter Malware Emerges As The Latest Threat

Researchers from Morphisec discovered the Jupyter malware during an incident response on the network of a US higher education institution.

Elaborating the details in a blog post, the researchers described Jupyter as a potent infostealer. It targets browsers like Chromium, Firefox, and Chrome to steal data, precisely, the users’ login credentials.

However, its maliciousness doesn’t end with stealing data only. As per the analysis, the malware bears the functionalities of a backdoor as well. It means that, when established on a target system, Jupyter can download and execute other malware, has a dedicated C&C, executes PowerShell scripts and commands, and more.

Briefly, the malware reaches the target system when a zipped file reaches the system that includes an executable mimicking an otherwise legit software, and an installer. These installers have managed to stay under the radar with little to no detections on VirusTotal. Hence, they can easily bypass security checks.

After that, the executable serves as a loader further leading to Jupyter malware execution and infection.

More technical details are available in the researchers’ post.

Beware As The Campaign Goes On

According to Morphisec’s findings, the malware campaign started off in May 2020. Since then, it has remerged with different variants of Jupyter.

While many C&C servers have gone down, mapping the details hint at the possible origin of the campaign in Russia. Whereas, some other C&C servers still remain live.

Hence, it seems the malware campaign is going on and may target anyone at any time in the future. Therefore, all users need to ensure thorough security of their personal and business systems and corporate networks to prevent the malware from entering in the first place.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients