Jupyter Malware: What You Should Know…


October 5, 2021

There’s a .NET info-stealer making the rounds. It’s called Jupyter, and it’s very good at avoiding end-point protection software.
Originally discovered in November of 2020, Jupyter (originally called Solarmarker) is designed to steal browsing data and login credentials from Google Chrome, Chromium, and Mozilla Firefox.
Jupyter has fairly robust backdoor capabilities to help it do its dirty work.

It specifically uses a PDF application called Nitro Pro to hide its installer payload and avoid anti-malware software. The process is further hidden behind a third-party packaging wizard called Advanced Installer.

By using the legitimate binary of Nitro Pro 13 and two legitimately signed certificates (apparently stolen from a company in Poland), Jupyter installs its nefarious .NET module.

You can read more about Jupyter over at Morphisec’s blog (https://blog.morphisec.com/new-jupyter-evasive-delivery-through-msi-installer). It’s pretty interesting and includes a lot more technical information.


Carl Keyser is a Digital Marketing Specialist at Integris.
