Researchers at VMware have identified and analyzed a new variant of the Jupyter infostealer, a malware already well known among experts in the sector.
The malicious agent, considered a real threat to users of browsers such as Chrome, Firefox and Edge, has been active since 2020. Through its backdoor functions, Jupyter is able to steal a large amount of sensitive information from victims, targeting the browser's password manager, crypto wallets, remote access apps and more.
The new variant of the infostealer, however, appears to be even more dangerous. It relies on PowerShell commands and digitally signed payloads, and therefore does not arouse particular suspicion. A signature that validates proves only that the payload was signed with a certificate the system trusts, not that its behaviour is benign, which is exactly why signed malware slips past checks that stop at signature validity. The activity of the new version of Jupyter seems to have started last October, with a trend that shows worrying growth.
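To make the point about signed payloads concrete, here is an added PowerShell triage helper. It is not code from VMware's report or from the Jupyter campaign; the function name, the allowlist parameter and the usage paths are assumptions for illustration. It shows that Get-AuthenticodeSignature returning Valid only tells you the signature chains to a trusted root, so the decision has to rest on who the signer is.

```powershell
# Added example, not code from VMware's report or from the Jupyter campaign.
# Triage a downloaded file's Authenticode signature. Get-AuthenticodeSignature
# returning 'Valid' only means the signature chains to a root the machine
# trusts; it says nothing about whether the signer is one you expect.
# $AllowedThumbprints is a hypothetical allowlist you would maintain yourself.
function Test-SignerTrusted {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [string[]] $AllowedThumbprints = @()   # hypothetical: SHA-1 thumbprints you trust
    )

    $sig = Get-AuthenticodeSignature -FilePath $Path

    # Unsigned, tampered, or signed with an untrusted chain: treat as suspect.
    if ($sig.Status -ne 'Valid') {
        return [pscustomobject]@{ Path = $Path; Verdict = 'Suspect'; Reason = "Status=$($sig.Status)" }
    }

    $cert = $sig.SignerCertificate
    # A valid chain from an unfamiliar signer is exactly the case described above:
    # the signature checks out, so the verdict must depend on who signed it.
    if ($AllowedThumbprints -notcontains $cert.Thumbprint) {
        return [pscustomobject]@{
            Path    = $Path
            Verdict = 'Review'
            Reason  = "Valid signature from unlisted signer: $($cert.Subject) ($($cert.Thumbprint))"
        }
    }

    return [pscustomobject]@{ Path = $Path; Verdict = 'Allowed'; Reason = "Signer $($cert.Subject) is on the allowlist" }
}

# Usage (hypothetical path and thumbprint):
# Test-SignerTrusted -Path "$env:USERPROFILE\Downloads\setup.exe" -AllowedThumbprints @('0123456789ABCDEF0123456789ABCDEF01234567')
```

With an empty allowlist every validly signed file lands in Review rather than Allowed, which is the safe default: a signature from an unfamiliar company is information to act on, not a reason to trust the file.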
VMware, through its blog, wanted to report this escalation, underlining how the use of certificates represents a turning point for the already feared infostealer.
The Jupyter infostealer works like a backdoor
Morphisec and BlackBerry, two other cybersecurity companies, have been monitoring the malware for some time. In their reports, they highlighted how this malicious agent works as a real backdoor, complete with support for command-and-control communications and use as a loader for other malware, all accompanied by advanced techniques to evade detection.
The cybercriminals running the operation have also proven adept at distribution. The vectors used include phishing and SEO poisoning, with the clear aim of directing victims to malicious websites designed to push unsuspecting users into downloading the malware.
How can the risks be avoided or, as far as possible, limited? In addition to installing and using a good antivirus, prudence remains essential to avoid infostealers of this type. Paying close attention to the emails you receive and, specifically, to attachments and links to external sites can undoubtedly help prevent infections of this type.