Experts Insight On Jupyter Trojan – Newly Discovered Malware Stealthily Steals Usernames And Passwords

By   ISBuzz Team
Writer , Information Security Buzz | Nov 17, 2020 04:03 am PST

The cybersecurity company Morphisec has discovered Jupyter infostealer on the network of an unnamed higher education establishment in the US. A newly uncovered trojan malware campaign is targeting businesses and higher education in what appears to be an effort to steal usernames, passwords and other private information as well as creating a persistent backdoor onto compromised systems. The trojan has the capability to target Chromium, Firefox, and Chrome browser data but also can open a backdoor on compromised systems, allowing attackers to execute PowerShell scripts and commands, as well as the ability to download and execute additional malware.

Subscribe
Notify of
guest
3 Expert Comments
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
Tony Lambert
Tony Lambert , Intelligence Analyst
November 17, 2020 1:29 pm

Jupyter is an excellent example of the issues that can arise when end users install software from untrustworthy sources. In some instances, end users searched Google for templates or types of documents before getting led to malicious downloads. Jupyter uses legitimate tools like Inno Setup–which is free and widely used for software packaging and installation on Windows–to facilitate deployment

In every case of Jupyter we’ve seen, there has been a liberal amount of PowerShell use and this presents the best point of detection forJupyter. A lot of defense evasion happens here, because the malware binary itself is obfuscated while at rest on disk. During malware execution, PowerShell reads the obfuscated malware into memory, deobfuscates it, and loads the malware for execution.

Security teams should monitor for evidence of Powershell execution by Jupyter. If evidence is present, be mindful of PowerShell instances within your organization\’s network that use `frombase64string` and `[System.Reflection.Assembly]::Load` code in their command lines.

Last edited 3 years ago by Tony Lambert
Chris Hauk
Chris Hauk , Consumer Privacy Champion
November 17, 2020 12:07 pm

Jupyter infostealer is just the latest in an ongoing series of new malware attacks by the bad actors of the world.

The new malware strain underscores the need for companies to keep their systems, apps, and browsers updated to the latest version, in order to guard against malware infections.

Employee training is another important factor in the fight against malware, as employees and executives need to be trained on the dangers of opening attachments or links in emails and messages.

Last edited 3 years ago by Chris Hauk
Boris Cipot
Boris Cipot , Senior Sales Engineer
November 17, 2020 12:05 pm

Once more, individuals are being tested on their attention to detail. This time, users are having to spot malware disguised as documents. Using the file icon and a name that suggests urgency (e.g a pay raise, travel details, etc.), the user might be compelled to open the document just to read what is written. Even though the malware has a file icon, it is still executable with the file type exe. However, if you are hiding file extensions you might not even see this little scam. The malware is an information-stealing trojan, taking data from your Chromium, Firefox or Chrome browsers. In addition, it is a C2 client that can execute PowerShell scripts and install further malware. Therefore, be careful when opening any documents. A word of advice: it is better to stop and think twice before you act.

Last edited 3 years ago by Boris Cipot

Recent Posts

3
0
Would love your thoughts, please comment.x
()
x