The New Jupyter Trojan Threatens Your Passwords and Usernames
Researchers with Morphisec have discovered a new strain of malware. The new threat is a Trojan named Jupyter and primarily targets businesses and educational institutions.
Jupyter attempts to steal login credentials and install backdoors on the compromised systems to allow further malicious activity on the part of the bad actors behind it. The new malware was first discovered only recently, on the network of an American educational institution, but researchers believe it was in use as early as the spring of 2020.
Jupyter's primary functionality is to target popular browsers and scrape login credentials from stored browser data. However, it can also create persistent backdoors on the affected systems, giving bad actors the ability to run PowerShell scripts and install further malware packages on the victim's system.
The Jupyter installer is usually distributed with a fake compressed-file icon. The bad actors behind it employ typical social engineering tactics, naming the file to look like something that is either exciting or urgent. Once the installer is executed, it installs legitimate tools as a decoy while the malicious payload is downloaded quietly in the background.
Once the payload is deployed on the victim's system, the Trojan can scrape all sorts of browser information, including saved autocomplete strings, login credentials and cookies. This information is then transferred to one of Jupyter's command and control servers operated by the cybercriminals.
The purpose of this sort of data collection is most likely not the resale of the stolen information but rather the gathering of enough data to launch a deeper, more invasive and damaging attack that infiltrates the compromised network.
Security researchers believe the malware originates from Russia: tracing its connections to command and control servers revealed locations in Russia, and an image associated with the malware's control panel has also been found on a Russian forum.