In 2020, Morphisec introduced the Jupyter infostealer , a .NET attack that primarily targets Chromium, Firefox, and Chrome browser data while also maintaining the additional capabilities of a backdoor.
Since that time, Jupyter has remained active and highly evasive. It has continued to receive very low to zero detections in the VirusTotal database, maintaining the ability to bypass detection solutions.
Then, on 8 September 2021, we identified a new delivery chain within Jupyter that passes under the radar of security solutions. Following this discovery, the Morphisec Labs team has been made aware of multiple high-level targets that are under threat from the Jupyter infostealer. We are currently investigating the scope of the campaign.
The blog post that follows outlines the new delivery chain, showcasing how threat actors continue to develop their attacks to become more efficient and evasive.