Jupyter

Jupyter, also known as SolarMarker, Yellow Cockatoo, and Polazert, is a form of malware that has been evolving since 2020. It targets sectors such as education, healthcare, and small to medium-sized enterprises (SMEs). This malicious software exploits and damages computer systems, often gaining access through suspicious downloads, emails, or websites. Once inside, it can steal personal information, disrupt operations, or even hold data hostage for ransom. Jupyter Infostealer specifically leverages unauthenticated access to Jupyter Lab and Jupyter Notebook—interactive tools widely used in data science—to establish initial access and achieve remote code execution. The threat actors have exploited vulnerabilities in multiple products, including Azure Apache Oozie, Apache Ambari, Jupyter Notebooks, Apache Hadoop, and Apache Hive 2. They have also taken advantage of the Azure HDInsight Jupyter Notebook Spoofing Vulnerability and the Visual Studio Code Jupyter Extension Spoofing Vulnerability. In addition, they have capitalized on misconfigured JupyterLab and Jupyter Notebooks servers to illegally redistribute sports streams. The company's honeypots set up for Jupyter Lab and Jupyter Notebook were affected due to these vulnerabilities and the use of weak passwords. Attackers are increasingly targeting services such as Docker, Redis, Kubernetes, and Jupyter, which require expert technical knowledge to exploit, different from that required for attacking generic Linux servers. This shift marks a transition from traditional machine learning operations (MLOps) towards a more security-focused approach. Among other potentially problematic lines in code, Protect evaluates Jupyter notebooks for personally identifiable information (e.g., names and phone numbers), internal-use authentication tokens and credentials, and open source code with a “nonpermissive” license that might prohibit its commercial use.