1 min read

Jupyter Malware: What You Should Know...

Featured Image


There's a .NET info-stealer making the rounds. It's called Jupyter, and it's very good at avoiding end-point protection software.
Originally discovered in November of 2020, Jupyter (originally called Solarmaker) is designed to steal browsing data and login credentials from Google Chrome, Chromium, and Mozilla Firefox.
Jupyter has fairly robust back door capabilities to help it do its dirty work.

It specifically uses a PDF application called Nitro Pro to hide its installer payload and avoid anti-malware software. The process is further hidden behind a third-party packaging wizard called Advanced Installer.

By using the legitimate binary of Nitro Pro 13, and in two legitimately signed certificates (apparently stolen from a company in Poland) Jupyter installs its nefarious .NET module.

You can read more about Jupyter over at Morphisec's blog (https://blog.morphisec.com/new-jupyter-evasive-delivery-through-msi-installer). It's pretty interesting and includes a lot more technical information.

Like our blog? Subscribe using the CTA in the upper right-hand corner of this page. Feel like sharing your thoughts with us? Use the comment section below.

Don't forget to follow us on LinkedIn and Twitter

Are Passkeys the Future? Apple Seems to Think So...

It's no secret that passwords are a pain in the butt. They can be difficult to remember, they're a huge target for cybercriminals, etc.

Read More

Alert: Follina aka CVE-2022-30190

A newly discovered exploit is using a flaw in Microsoft's Support Diagnostic Tool (MSDT) to remotely take over end-points via compromised Word...

Read More

Chaos/Yashma: The Torrid Tale of a GUI Based Ransomware Builder...

It used to take a good deal of coding knowledge to build a website or an application. That's not the case anymore. You can build a website in...

Read More