يتم توزيع الإصدار الجديد من البرنامج الضار Jupyter من خلال أداة تثبيت MSI

Security researchers talked about a new version of the Jupyter malware, an info-stealer written in the .NET programming language that is known for attacking only medical and educational organizations.

The new chain of infection, discovered by the specialists of the information security company Morphisec on September 8, 2021, not only confirms the ongoing activity of the malware, but also demonstrateshow cybercriminals continue to develop their attacks to make them more effective and elusive.

First documented in November 2020, ال Jupyter (also known as Solarmarker) malware was allegedly created by Russian developers and is designed to steal data from Firefox, Chrome and Chromium-based browsers.

Jupyter is an infostealer that primarily targets Chromium, ثعلب النار, and Chrome browser data. لكن, its attack chain, delivery, and loader demonstrate additional capabilities for full backdoor functionality.Morphisec researchers wrote.

فضلاً عن ذلك, the malware is a full-fledged backdoor and is capable of stealing data and uploading it to a remote server, uploading and executing payload. According to Morphisec, new versions of Jupyter have started to appear since May 2020.

Jupyter developer is constantly modifying and supplementing the original Jupyter in an effort to collect as much information as possible about the compromised machines. It is not yet clear what the ultimate goal of this campaign is, but in theory, stolen data can be used for sale, and hackers can use compromised machines as entry points into companies’ networks for further attacks.يكتب الباحثون.

In August 2021, Cisco Talos experts attributed the attacks toa truly highly skilled attacker, primarily aimed at stealing credentials and other data.

In February of this year, cybersecurity company CrowdStrike described the malware as packaged in a multi-stage, heavily obfuscated PowerShell loader, which leads to the execution of a backdoor on .NET.

Although previous attacks used legitimate files of well-known software such as Docx2Rtf and Expert PDF, the recently discovered chain of infections began to use the Nitro Pro PDF application.

The attack begins by deploying an MSI installer that is over 100 MB in size, allowing attackers to bypass anti-virus solutions. The installer is obfuscated using the third-party Advanced Installer application packer.

Once the MSI is launched, a PowerShell downloader is executed embedded in a legitimate Nitro Pro 13 file, the two versions of which are signed with authentic digital certificates from a valid company in Poland. أخيراً, the loader decodes and runs the .NET Jupyter module in memory.

Let me remind you that I also talked about the fact that تم توزيع Swarez Trojan وDropper تحت ستار 15 العاب شعبية.

هيلجا سميث

كنت دائمًا مهتمًا بعلوم الكمبيوتر, خاصة أمن البيانات والموضوع, وهو ما يسمى في الوقت الحاضر "علم البيانات", منذ سنوات مراهقتي المبكرة. قبل الانضمام إلى فريق Virus Removal كرئيس تحرير, عملت كخبير في الأمن السيبراني في العديد من الشركات, بما في ذلك أحد مقاولي أمازون. تجربة أخرى: لقد حصلت على التدريس في جامعات أردن وريدينج.

اترك رد

هذا الموقع يستخدم Akismet للحدّ من التعليقات المزعجة والغير مرغوبة. تعرّف على كيفية معالجة بيانات تعليقك.

زر الذهاب إلى الأعلى