A group of threat actors are spreading new malware to steal sensitive information from their victims, using real-looking but fake software…
A ring of Russian-speaking hackers has been deploying a new malware variant named Jupyter. Thus far, the group has enjoyed much success by keeping a low profile and benefiting from a fast development cycle. At its core, the malicious code is designed to collect data from various types of software, but it can also be used to create backdoors within infected systems.
New Jupyter Malware Steals Browser Data and Opens Backdoors
The malware is thought to have first surfaced during an incident response engagement in October at a university in the United States. However, forensic data indicates that earlier versions have been around since May. Researchers at cybersecurity company Morphisec found the cybercriminals to be highly active, with some components receiving over nine updates in a single month.
The most recent version was probably created earlier in the month, but it doesn't include any significant changes. Even so, the constant code modification helps it evade detection, which has enabled Jupyter to collect more data from compromised systems. Jupyter is able to steal cookies, credentials, certificates, and autocomplete information from Chromium, Mozilla Firefox, and Google Chrome web browsers.
As usual, the hackers behind Jupyter, like many other threat actors, spread the malware using phony software programs disguised to look just like legitimate ones.