Jupyter

Malware Profile Updated 4 days ago
Jupyter, also known as Yellow Cockatoo, SolarMarker, and Polazert, is a sophisticated malware that has evolved since 2020 and targets sectors such as education, healthcare, and SMEs. This information-stealing malware has been seen to exploit vulnerabilities in several products, including Azure Apache Oozie, Apache Ambari, Jupyter Notebooks, Apache Hadoop, and Apache Hive 2. Attackers have been increasingly targeting services like Docker, Redis, Kubernetes, and Jupyter, requiring expert technical knowledge different from what's required for attacking generic Linux servers.

The Jupyter malware has been linked with multiple significant attacks. For instance, the PyLoose attack unfolded in several stages, beginning with the attacker gaining initial access through an exposed Jupyter Notebook service that failed to restrict the execution of system commands. In another case, the Qubitstrike Malware targeted Jupyter Notebooks for cloud data. These instances highlight the malware's ability to exploit vulnerabilities in systems and steal sensitive information.

To mitigate threats like Jupyter and similar ones such as PyLoose, security professionals are advised to avoid public exposure to services like Jupyter Notebook. Recent updates to jupyter-notebook packages (as per Resolution MGASA-2024-0067) have fixed some of the existing security vulnerabilities. However, the discovery of a stealthier version of the Jupyter infostealer in November 2023 indicates that the malware continues to evolve and presents ongoing challenges for cybersecurity.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
| ID | Votes | Profile Description |
| --- | --- | --- |
| Yellow Cockatoo | 3 | The Yellow Cockatoo malware, also known as SolarMarker, Polazert, and Jupyter Infostealer, has been a persistent cybersecurity threat since 2020. This malicious software targets sectors such as education, healthcare, and small to medium-sized enterprises (SMEs), exploiting their systems to steal sen |
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Azure
Vulnerability
Malware
Redis
Chrome
Firefox
Backdoor
Associated Malware
| ID | Type | Votes | Profile Description |
| --- | --- | --- | --- |
| Jupyter Infostealer | Unspecified | 2 | The Jupyter Infostealer, also known as Yellow Cockatoo, SolarMarker, and Polazert, is a sophisticated malware that has been steadily evolving since 2020. This malicious software targets sectors such as education, healthcare, and small to medium-sized enterprises (SMEs). Its primary function is to in |
Associated Threat Actors
ID | Type | Votes | Profile Description
No associations to display
Associated Vulnerabilities
ID | Type | Votes | Profile Description
No associations to display
Source Document References
Information about the Jupyter Malware was read from the documents corpus below.
| Source | Created At | Title |
| --- | --- | --- |
| ESET | a year ago | Introducing IPyIDA: A Python plugin for your reverse-engineering toolkit \| WeLiveSecurity |
| DARKReading | 6 months ago | Evasive Jupyter Infostealer Campaign Showcases Dangerous Variant |
| CERT-EU | 7 months ago | Qubitstrike Malware Hits Jupyter Notebooks for Cryptojacking and Cloud Data |
| DARKReading | 7 months ago | Jupyter Notebook Ripe for Cloud Credential Theft, Researchers Warn |
| CERT-EU | 8 months ago | 8 XSS Vulnerabilities in Azure HDInsight Allow Attackers to Deliver Malicious Payloads |
| BankInfoSecurity | 6 months ago | Info Stealers Thrive in Hot Market for Stolen Data |
| CERT-EU | 6 months ago | Stealthier Jupyter infostealer discovered |
| CERT-EU | 10 months ago | Protect AI raises $35M to build a suite of AI-defending tools \| TechCrunch |
| CERT-EU | 6 months ago | New Jupyter Infostealer Version Emerges with Sophisticated Stealth Tactics |
| CERT-EU | 7 months ago | Qubitstrike attacks rootkit Jupyter Linux servers to steal credentials |
| CERT-EU | 10 months ago | Links 15/07/2023: LabPlot 2.10.1 and Akademy 2023 |
| CERT-EU | 10 months ago | TeamTNT gang may go after Azure and Google Cloud users |
| CERT-EU | 6 months ago | North Korea-linked BlueNoroff's macOS malware variant targets financial firms |
| CERT-EU | 2 months ago | Mageia 2024-0067: jupyter-notebook security update \| LinuxSecurity.com |
| CERT-EU | 7 months ago | Week in review: Cybersecurity cheat sheets, widely exploited Cisco zero-day, KeePass-themed malvertising - Help Net Security |
| CERT-EU | 7 months ago | North Korean hackers targeting TeamCity vulnerability |
| CERT-EU | 7 months ago | Qubitstrike attacks launched against Jupyter Notebooks |
| CERT-EU | 7 months ago | Attacks exploiting WinRAR zero-day linked to Russian, Chinese hackers |
| CERT-EU | 10 months ago | TeamTNT Launches Widespread Attacks Against Cloud Infrastructures |
| Recorded Future | 4 days ago | Exploring the Depths of SolarMarker's Multi-tiered Infrastructure \| Recorded Future |