Jupyter Trojan Resurfaces to Steal Browser Data

November 25, 2020

The most dangerous and widespread malware Jupyter Trojan is active again. The malware targets businesses and higher education to steal personal as well as private information. Also, it has the ability to execute and download new malware.

Recently, it has been observed targeting a higher education establishment in the U.S.

The trojan has been active since May and targets popular web browsers such as Chromium, Firefox, and Chrome browser data. The malware updates itself regularly to improve stealthiness, persistence, and add new spying capabilities.

What it does:

This trojan creates a persistent backdoor in compromised systems. It allows attackers to execute PowerShell scripts and commands, along with the ability to execute and download new malware.

How it spreads:

The trojan installer is hidden in a zipped file. It uses Microsoft Word icons and file names, pretending to be important documents, travels details, or pay rise.

If the installer is executed, it will install genuine tools to hide the real goal of the installation, which is running a malicious installer in temporary folders in the background.

After being installed on the system, it steals information such as passwords, usernames, cookies, autocompletes, and browsing history. It then sends the stolen data to a command and control server.

Additional insights:

Initially, the trojan originates from Russia and is linked to C2 servers located in the same region. The motive of the cybercriminals behind this trojan could be stealing highly sensitive data or selling login credentials to other cybercriminals.

Recommendations:

The campaign is ongoing; therefore, organizations need to spread awareness among its employees to face such threats.
It is suggested to use a reliable anti-malware solution and encrypting important information.
Users are required to block spam emails using email gateways.
An organization should provide training to employees to spot malicious emails.
It is highly recommended to update your browser as soon as possible.
Always set a strong password for personal security and change it timely. Avoid making the same password for more than one application.

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Jupyter Trojan Resurfaces to Steal Browser Data

Security Team

Related Posts

Chinese APT Gelsemium Targets Linux Systems with New WolfsBane Backdoor

Microsoft Launches Windows Resiliency Initiative to Boost Security and System Integrity

Chinese Hackers Exploit T-Mobile and Other U.S. Telecoms in Broader Espionage Campaign

Our Offices

Corporate Office (HO):

UK Office:

Registered Office (Delhi):

Noida Office:

Phone:

Email

Click To Download

Download CyberSRC Services & Portfolio & Datasheets

Download Case Studies

Download Company Brochure