Friday, February 26, 07:59

The new Jupyter trojan steals usernames and passwords


Security researchers from Morphisec have found a malware campaign that uses a relatively new trojan and targets businesses and higher education institutions. Its purpose is to steal usernames, passwords and other personal information. It can also create a persistent backdoor on compromised systems. The trojan is called Jupyter and was discovered on the network of a higher education institution in the USA. Researchers believe the malware has been in use at least since May.

The attack is primarily aimed at data from the Chromium, Firefox and Chrome browsers, but it also creates a backdoor on breached systems, allowing attackers to execute PowerShell scripts and commands, as well as download and run other malware.

The Jupyter installer is disguised as a zip file, and often uses Microsoft Word icons or has a specific file name that creates the feeling that it needs to be opened urgently (an important document).

If the installer is run, it installs legitimate tools in an attempt to hide the real purpose of the installation: the download. Subsequently, it runs malicious programs from temporary folders in the background.

Once installation on the victim's system is complete, the Jupyter trojan steals information including usernames, passwords, browsing history and cookies, and sends it to a command and control server, apparently controlled by the criminals. According to the researchers, the creator of the Jupyter trojan constantly changes the code to collect more information while trying to make detection harder.

At the moment, the purpose of the criminals behind the Jupyter trojan is not clear. Most likely, they use it to steal information and gain further access to the networks of businesses and educational institutions. In addition, they could steal extremely sensitive and important data to sell to other criminals (giving them access to victims' networks).

Morphisec researchers believe that the Jupyter trojan comes from Russia. Analysis showed that the malware connected to command and control servers located in Russia. Further analysis showed links to a Russian hacking forum.

Many of the command servers are currently inactive, but the admin panel is still active. This means that malware campaigns using Jupyter are likely to continue.

Source: ZDNet


Digital Fortress