Jupyter Trojan Resurfaces to Steal Browser Data

The Jupyter Trojan, among the most dangerous and widespread malware families, is active again. The malware targets businesses and higher-education institutions to steal personal and confidential information, and it can also download and execute additional malware.

Recently, it has been observed targeting a higher-education institution in the U.S.

The trojan has been active since May and targets data stored by popular web browsers such as Chromium, Firefox, and Chrome. The malware is updated regularly to improve stealth and persistence and to add new spying capabilities.


What it does:

This trojan creates a persistent backdoor on compromised systems. It allows attackers to execute PowerShell scripts and commands, and to download and execute new malware.


How it spreads:

The trojan installer is hidden in a zipped file. It uses Microsoft Word icons and file names, pretending to be important documents, travel details, or pay-rise notices.

If the installer is executed, it installs legitimate tools as a decoy to hide the real goal of the installation: running a malicious installer from temporary folders in the background.

After being installed on the system, it steals information such as passwords, usernames, cookies, autocomplete data, and browsing history. It then sends the stolen data to a command and control server.
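The lure described above (an executable inside a zip archive carrying a document-style name) is something a mail gateway or analyst can check for before a user ever double-clicks it. The following is an added example, not code from the article or from any vendor: it inspects every member of a zip archive, flags Windows PE files by their 'MZ' header regardless of file name, and calls out the "report.docx.exe" pattern separately. The sample archive is constructed inline and contains no real malware.

```python
import io
import zipfile

# Suffixes a mail gateway treats as directly executable content (constructed list, not exhaustive).
EXECUTABLE_SUFFIXES = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".ps1", ".msi")
# Document suffixes a lure imitates when it borrows a Word-style name.
DOCUMENT_SUFFIXES = (".doc", ".docx", ".rtf", ".pdf", ".xls", ".xlsx")


def inspect_zip(data: bytes) -> list:
    """Return (member name, reason) for every archive member that looks like a disguised installer."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            name = info.filename.lower()
            with archive.open(info) as member:
                head = member.read(2)
            # A Windows PE file starts with the 'MZ' DOS stub, whatever the file name claims.
            is_pe = head == b"MZ"
            stem = name.rsplit(".", 1)[0] if "." in name else name
            # "report.docx.exe": a document suffix hidden in front of the real extension.
            double_ext = stem.endswith(DOCUMENT_SUFFIXES)
            if is_pe and double_ext:
                findings.append((info.filename, "PE executable with document-style double extension"))
            elif is_pe:
                findings.append((info.filename, "PE executable inside archive"))
            elif name.endswith(EXECUTABLE_SUFFIXES):
                findings.append((info.filename, "executable extension inside archive"))
    return findings


def build_sample_archive() -> bytes:
    """Constructed sample: one lure and two benign members, so the checker runs offline."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        # Lure: document-looking name, but the content begins with a PE header (constructed, not real malware).
        archive.writestr("Pay_Rise_Details.docx.exe", b"MZ\x90\x00" + b"\x00" * 60)
        # A genuine .docx is itself a zip container and starts with 'PK', so it is not flagged.
        archive.writestr("report.docx", b"PK\x03\x04" + b"\x00" * 26)
        archive.writestr("notes.txt", b"meeting notes\n")
    return buf.getvalue()


if __name__ == "__main__":
    for member, reason in inspect_zip(build_sample_archive()):
        print(f"{member}: {reason}")
```

Only the lure is reported; the real Word document and the text file pass, which is the behaviour a gateway rule needs to avoid quarantining ordinary attachments.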


Additional insights:

The trojan originated in Russia and is linked to C2 servers located in the same region. The motive of the cybercriminals behind it could be stealing highly sensitive data or selling login credentials to other cybercriminals.


Recommendations:

  • The campaign is ongoing; therefore, organizations need to raise awareness among their employees so they can recognize such threats.
  • Use a reliable anti-malware solution and encrypt important information.
  • Block spam emails at the email gateway.
  • Organizations should train employees to spot malicious emails.
  • Update your browser as soon as possible.
  • Always set a strong password and change it regularly. Avoid reusing the same password for more than one application.