New malware discovered that steals users' personal information: Jupyter trojan
A newly uncovered trojan malware campaign is targeting businesses and higher education in what appears to be an effort to steal usernames, passwords and other private information, as well as to create a persistent backdoor onto compromised systems.
The Jupyter infostealer has been detailed by cybersecurity company Morphisec, which discovered it on the network of an unnamed education establishment in the US. The trojan is thought to have been active since the pandemic period this year.
The attack primarily targets browsing data from Chromium, Firefox and Chrome, but it also has additional capabilities for opening a backdoor on compromised systems, allowing attackers to take control and execute PowerShell scripts and commands, and giving them the ability to download and execute additional malware.
The Jupyter installer is disguised inside a zipped file, often using Microsoft Word icons and file names that suggest the document must be opened urgently, such as important documents, travel details or a pay rise.
If the installer is run, it installs legitimate tools in an attempt to hide the true purpose of the installation: downloading and running a malicious installer into temporary folders in the background.
Once fully installed on the system, Jupyter steals crucial information including usernames, passwords, autocomplete data, browsing history and cookies, and sends them to a command and control server. Analysis of the malware showed that whoever created it constantly changes the code to gather more and more information, while also making it harder for victims to detect and remove it.
It isn't clear what the actual motive for stealing the information is, but cyber criminals could use it to gain additional access to networks for further attacks, potentially stealing sensitive data, or they might sell login credentials and backdoor access to systems to other criminals.
The researchers believe that Jupyter originates from Russia. Not only did analysis of the malware reveal that it connected to command and control servers in Russia, but a reverse image search of the planet Jupiter image in the infostealer's admin panel showed that the first result returned came from a Russian-language forum. The image is also spelled Jupyter, likely a Russian-to-English misspelling of the planet's name.
While many of the command and control servers are now inactive, the admin panel remains live, suggesting that Jupyter campaigns may not be finished yet.