Jupyter

Malware updated 7 days ago (2024-11-29T14:21:13.910Z)
Jupyter, also known as SolarMarker, Yellow Cockatoo, and Polazert, is a form of malware that has been evolving since 2020. It targets sectors such as education, healthcare, and small to medium-sized enterprises (SMEs). This malicious software exploits and damages computer systems, often gaining access through suspicious downloads, emails, or websites. Once inside, it can steal personal information, disrupt operations, or even hold data hostage for ransom.

Jupyter Infostealer specifically leverages unauthenticated access to Jupyter Lab and Jupyter Notebook—interactive tools widely used in data science—to establish initial access and achieve remote code execution. The threat actors have exploited vulnerabilities in multiple products, including Azure Apache Oozie, Apache Ambari, Jupyter Notebooks, Apache Hadoop, and Apache Hive 2. They have also taken advantage of the Azure HDInsight Jupyter Notebook Spoofing Vulnerability and the Visual Studio Code Jupyter Extension Spoofing Vulnerability. In addition, they have capitalized on misconfigured JupyterLab and Jupyter Notebooks servers to illegally redistribute sports streams. The company's honeypots set up for Jupyter Lab and Jupyter Notebook were affected due to these vulnerabilities and the use of weak passwords.

Attackers are increasingly targeting services such as Docker, Redis, Kubernetes, and Jupyter, which require expert technical knowledge to exploit, different from that required for attacking generic Linux servers. This shift marks a transition from traditional machine learning operations (MLOps) towards a more security-focused approach.

Among other potentially problematic lines in code, Protect evaluates Jupyter notebooks for personally identifiable information (e.g., names and phone numbers), internal-use authentication tokens and credentials, and open source code with a “nonpermissive” license that might prohibit its commercial use.
Description last updated: 2024-11-21T10:24:22.524Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
| Alias Description | Votes |
| --- | --- |
| Yellow Cockatoo is a possible alias for Jupyter. The SolarMarker malware, also known as Yellow Cockatoo, Polazert, and Jupyter Infostealer, has been a persistent threat since its inception in 2020. It has steadily evolved over the years, posing significant risks to sectors such as education, healthcare, and small to medium-sized enterprises (SMEs) | 3 |
| Jupyter Infostealer is a possible alias for Jupyter. The Jupyter Infostealer, also known as Yellow Cockatoo, SolarMarker, and Polazert, is a harmful malware that has been steadily evolving since 2020. This malicious software targets Chrome and Firefox browser data, exploiting and damaging systems it infiltrates. It can infect systems through suspiciou | 2 |
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Azure
Vulnerability
Backdoor
Redis
Remote Code ...
Exploit
Chrome
Firefox
Source Document References
Information about the Jupyter Malware was read from the documents corpus below. This display is limited to 20 results.
| Source Link | CreatedAt |
| --- | --- |
| InfoSecurity-magazine | 16 days ago |
| Securityaffairs | 16 days ago |
| CERT-EU | 9 months ago |
| Recorded Future | 5 months ago |
| Recorded Future | 7 months ago |
| CERT-EU | 9 months ago |
| CERT-EU | 9 months ago |
| CERT-EU | 9 months ago |
| CERT-EU | a year ago |
| CERT-EU | a year ago |
| CERT-EU | a year ago |
| CERT-EU | a year ago |
| CERT-EU | a year ago |
| CERT-EU | a year ago |
| CERT-EU | a year ago |
| CERT-EU | a year ago |
| CERT-EU | a year ago |
| CERT-EU | a year ago |
| BankInfoSecurity | a year ago |
| CERT-EU | a year ago |