Experts' Insight On Jupyter Trojan – Newly Discovered Malware Stealthily Steals Usernames And Passwords

The cybersecurity company Morphisec has discovered the Jupyter infostealer on the network of an unnamed higher education establishment in the US. The newly uncovered trojan malware campaign is targeting businesses and higher education in what appears to be an effort to steal usernames, passwords and other private information, as well as to create a persistent backdoor onto compromised systems. The trojan targets Chromium, Firefox and Chrome browser data, and it can also open a backdoor on compromised systems that allows attackers to execute PowerShell scripts and commands and to download and execute additional malware.

Experts' Comments

November 17, 2020
Tony Lambert
Intelligence Analyst
Red Canary
Jupyter is an excellent example of the issues that can arise when end users install software from untrustworthy sources. In some instances, end users searched Google for templates or types of documents before getting led to malicious downloads. Jupyter uses legitimate tools like Inno Setup--which is free and widely used for software packaging and installation on Windows--to facilitate deployment. In every case of Jupyter we’ve seen, there has been a liberal amount of PowerShell use, and this presents the best point of detection for Jupyter. A lot of defense evasion happens here, because the malware binary itself is obfuscated while at rest on disk. During malware execution, PowerShell reads the obfuscated malware into memory, deobfuscates it, and loads the malware for execution. Security teams should monitor for evidence of PowerShell execution by Jupyter. If evidence is present, be mindful of PowerShell instances within your organization's network that use `frombase64string` and `[System.Reflection.Assembly]::Load` code in their command lines.
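The detection point named in the comment above, as an added example that is not part of the original post or of Red Canary's tooling: a small Python check run over constructed process-creation command lines that flags a PowerShell invocation only when both `FromBase64String` and `[System.Reflection.Assembly]::Load` appear. It goes slightly beyond the comment by also decoding a `-EncodedCommand` argument (base64 of UTF-16LE text) before matching, and by accepting the shortened `[Reflection.Assembly]` form; the sample events are constructed, not real Jupyter artifacts.

```python
import base64
import re

# The two strings the comment names as the detection point for the PowerShell
# stage. Both must appear in one command line to flag it; either one alone is
# common in legitimate administration and would be noisy.
INDICATORS = {
    "FromBase64String": re.compile(r"frombase64string", re.IGNORECASE),
    # Also accepts the shortened [Reflection.Assembly] form PowerShell allows.
    "Assembly::Load": re.compile(
        r"\[(?:System\.)?Reflection\.Assembly\]::Load\b", re.IGNORECASE),
}
# -EncodedCommand (and its -enc/-ec/-e aliases) carries base64 of UTF-16LE
# text, so the indicators can hide inside it; decode it before matching.
ENCODED_ARG = re.compile(
    r"-(?:encodedcommand|enc|ec|e)\s+([A-Za-z0-9+/=]{16,})", re.IGNORECASE)


def expand_encoded(cmdline):
    """Return the command line plus the decoded text of any -EncodedCommand blob."""
    decoded = []
    for blob in ENCODED_ARG.findall(cmdline):
        try:
            decoded.append(base64.b64decode(blob, validate=True).decode("utf-16-le"))
        except (ValueError, UnicodeDecodeError):
            continue  # not valid base64/UTF-16LE: match on the raw text only
    return "\n".join([cmdline] + decoded)


def matched_indicators(cmdline):
    """Names of the indicators present in the (decoded) command line."""
    text = expand_encoded(cmdline)
    return [name for name, pat in INDICATORS.items() if pat.search(text)]


def is_suspicious(cmdline):
    return len(matched_indicators(cmdline)) == len(INDICATORS)


def scan(events):
    """events: iterable of (event_id, command_line); returns flagged event ids."""
    return [eid for eid, cmd in events if is_suspicious(cmd)]


# Constructed sample process-creation events (not real Jupyter artifacts):
# a loader-style command line, a benign decode, and the loader hidden in -Enc.
LOADER = ("$b=[Convert]::FromBase64String((Get-Content $env:APPDATA\\blob.txt));"
          "[System.Reflection.Assembly]::Load($b)")
SAMPLE_EVENTS = [
    ("evt-1", 'powershell.exe -w hidden -c "' + LOADER + '"'),
    ("evt-2", 'powershell.exe -c "[Convert]::FromBase64String($cert) | Set-Content c.der"'),
    ("evt-3", "powershell.exe -NoP -Enc "
              + base64.b64encode(LOADER.encode("utf-16-le")).decode("ascii")),
]

if __name__ == "__main__":
    for eid, cmd in SAMPLE_EVENTS:
        print(eid, matched_indicators(cmd), "SUSPICIOUS" if is_suspicious(cmd) else "ok")
```

Feed it the command-line field of Sysmon Event ID 1 or Windows 4688 events; evt-2 shows why requiring both tokens matters, since base64 decoding alone is routine admin activity.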
November 17, 2020
Chris Hauk
Consumer Privacy Champion
Pixel Privacy
Jupyter infostealer is just the latest in an ongoing series of new malware attacks by the bad actors of the world. The new malware strain underscores the need for companies to keep their systems, apps, and browsers updated to the latest version, in order to guard against malware infections. Employee training is another important factor in the fight against malware, as employees and executives need to be trained on the dangers of opening attachments or links in emails and messages.
November 17, 2020
Boris Cipot
Senior Sales Engineer
Synopsys
Once more, individuals are being tested on their attention to detail. This time, users are having to spot malware disguised as documents. Using the file icon and a name that suggests urgency (e.g. a pay raise, travel details, etc.), the user might be compelled to open the document just to read what is written. Even though the malware has a file icon, it is still executable with the file type exe. However, if you are hiding file extensions you might not even see this little scam. The malware is an information-stealing trojan, taking data from your Chromium, Firefox or Chrome browsers. In addition, it is a C2 client that can execute PowerShell scripts and install further malware. Therefore, be careful when opening any documents. A word of advice: it is better to stop and think twice before you act.
