
Rising Threat: Jupyter Malware Variant Targets Browsers, Crypto-Wallets with Sophisticated Evasion Techniques

A new variant of Jupyter malware, known as Yellow Cockatoo, targets popular browsers and crypto-wallets, leveraging sophisticated evasion techniques for undetected attacks.

BNN Correspondents

Security researchers have identified a significant uptick in attacks by a new, more sophisticated variant of the Jupyter malware, targeting popular browsers and crypto-wallets with advanced evasion techniques. This variant, also known as Yellow Cockatoo, Solarmarker, and Polazert, has been active since at least 2020 but has seen a resurgence with enhancements that make it harder to detect.


A Persistent Data-Stealing Cyber Threat

VMware's Carbon Black team recently observed the malware leveraging PowerShell command modifications and legitimate-looking, digitally signed payloads to infect a growing number of systems. These modifications enhance Jupyter's evasion capabilities, allowing it to backdoor machines and harvest a variety of credential information without detection. Morphisec and BlackBerry have further detailed its capabilities, including support for command and control communications and the execution of PowerShell scripts and commands, highlighting its function as a full-fledged backdoor.

Jupyter: Getting Around Malware Detection


In the recent attacks, the Jupyter operator has used valid code-signing certificates to digitally sign the malware, so it appears legitimate to malware detection tools. VMware researchers noted the malware's use of SEO poisoning and search engine redirects as part of its attack chain, alongside its credential harvesting and encrypted command-and-control communication. Abe Schneider, threat analyst lead at Carbon Black, highlighted new improvements to the infostealer, including the use of an Inno Setup installer as the first payload delivered to victim devices.

A Troubling Increase in Infostealers

Jupyter's resurgence is part of a broader, concerning trend in the rise of infostealers, exacerbated by the shift to remote work during the COVID-19 pandemic. Organizations like Red Canary and Uptycs have reported sharp increases in infostealer distribution, with attackers leveraging the malware to gain quick, persistent, and privileged access to enterprise networks and systems. The demand for stolen data on criminal forums remains high, underscoring the ongoing threat posed by these malicious actors.

This resurgence of Jupyter and the evolution of infostealers reflect the dynamic and persistent threat landscape facing individuals and organizations alike. The continued innovation by cybercriminals necessitates vigilant, sophisticated cybersecurity measures to protect sensitive information from these increasingly cunning threats.
