Jupyter

Malware updated 15 hours ago (2024-10-17T13:02:04.127Z)
Jupyter, also known as Yellow Cockatoo, Polazert, and Jupyter Infostealer, is a sophisticated malware that has been evolving since 2020. This malicious software targets sectors such as education, healthcare, and small to medium-sized enterprises (SMEs), exploiting vulnerabilities in services like Docker, Redis, Kubernetes, and Jupyter. The malware infiltrates these systems, often without the user's knowledge, through suspicious downloads, emails, or websites, and once inside, it can steal personal information, disrupt operations, or even hold data hostage for ransom.
The malware exploits vulnerabilities in multiple products, including Azure Apache Oozie, Apache Ambari, Jupyter Notebooks, Apache Hadoop, and Apache Hive 2. Notable vulnerabilities include the Azure HDInsight Jupyter Notebook Spoofing Vulnerability and the Visual Studio Code Jupyter Extension Spoofing Vulnerability. These attacks require expert technical knowledge, differing from generic Linux server attacks. Notably, the malware has been observed connecting back to the IPython kernel in IDA via an external Jupyter console.
In response to threats like Jupyter and PyLoose, security professionals have taken several steps to mitigate risks. One strategy includes avoiding public exposure to services like Jupyter Notebook. Moreover, updates have been released to fix security vulnerabilities, as indicated by Resolution MGASA-2024-0067. Additionally, tools like Protect are being used to evaluate Jupyter notebooks for personally identifiable information, internal-use authentication tokens, credentials, and open-source code with nonpermissive licenses. The transition from machine learning operations (MLOps) to a more security-focused approach is seen as a crucial step in combating such advanced threats.
Description last updated: 2024-10-17T12:44:34.494Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Alias Description | Votes
Yellow Cockatoo is a possible alias for Jupyter. The SolarMarker malware, also known as Yellow Cockatoo, Polazert, and Jupyter Infostealer, has been a persistent threat since its inception in 2020. It has steadily evolved over the years, posing significant risks to sectors such as education, healthcare, and small to medium-sized enterprises (SMEs) | 3
Jupyter Infostealer is a possible alias for Jupyter. The Jupyter Infostealer, also known as Yellow Cockatoo, SolarMarker, and Polazert, is a harmful malware that has been steadily evolving since 2020. This malicious software targets Chrome and Firefox browser data, exploiting and damaging systems it infiltrates. It can infect systems through suspiciou | 2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Azure
Vulnerability
Malware
Redis
Chrome
Firefox
Backdoor
Source Document References
Information about the Jupyter Malware was read from the documents corpus below. This display is limited to 20 results.
Source | Created
CERT-EU | 8 months ago
Recorded Future | 3 months ago
Recorded Future | 5 months ago
CERT-EU | 7 months ago
CERT-EU | 8 months ago
CERT-EU | 8 months ago
CERT-EU | 9 months ago
CERT-EU | a year ago
CERT-EU | a year ago
CERT-EU | a year ago
CERT-EU | a year ago
CERT-EU | a year ago
CERT-EU | a year ago
CERT-EU | a year ago
CERT-EU | a year ago
CERT-EU | a year ago
BankInfoSecurity | a year ago
CERT-EU | a year ago
CERT-EU | a year ago
CERT-EU | a year ago