Yellow Cockatoo

Malware updated 4 months ago (2024-07-09T14:17:41.714Z)
Download STIX
Preview STIX
The SolarMarker malware, also known as Yellow Cockatoo, Polazert, and Jupyter Infostealer, has been a persistent threat since its inception in 2020. It has steadily evolved over the years, posing significant risks to sectors such as education, healthcare, and small to medium-sized enterprises (SMEs). The malware uses sophisticated techniques to infiltrate systems, often leveraging manipulated search engine optimization (SEO) tactics and malvertising as initial access vectors. These strategies trick users into downloading it from dubious websites when they are searching for popular software. By November 2023, attacks leveraging a new version of the Jupyter information-stealing malware had emerged, demonstrating increased stealth capabilities. This development was reported by various cybersecurity outlets, including The Hacker News. VMware's Carbon Black threat research team also identified Jupyter as one of the top 10 info stealers targeting corporate networks. This highlights the malware's widespread impact and its continued evolution to stay ahead of security measures. Yellow Cockatoo's functionality is not limited to just infiltrating systems; it also serves as a backdoor to machines and harvests a variety of credential information. This includes computer name, user's admin privileges, cookies, web data, and browser password manager information. More alarmingly, it can extract sensitive data from victim systems, such as logins for crypto-wallets and remote access apps. Given these capabilities, the persistence technique employed by Yellow Cockatoo has become a subject of extensive analysis in the cybersecurity community.
Description last updated: 2024-07-09T13:17:37.312Z
What's your take? (Question 1 of 4)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.
Alias DescriptionVotes
Jupyter is a possible alias for Yellow Cockatoo. Jupyter, also known as Yellow Cockatoo, Polazert, and Jupyter Infostealer, is a sophisticated malware that has been evolving since 2020. This malicious software targets sectors such as education, healthcare, and small to medium-sized enterprises (SMEs), exploiting vulnerabilities in services like Do
3
Polazert is a possible alias for Yellow Cockatoo. Polazert, also known as Jupyter Infostealer, SolarMarker, and Yellow Cockatoo, is a sophisticated malware that has been discovered with enhanced stealth capabilities. As reported by The Hacker News on November 7, 2023, this new version of the malware can infiltrate systems without detection, making
2
Jupyter Infostealer is a possible alias for Yellow Cockatoo. The Jupyter Infostealer, also known as Yellow Cockatoo, SolarMarker, and Polazert, is a harmful malware that has been steadily evolving since 2020. This malicious software targets Chrome and Firefox browser data, exploiting and damaging systems it infiltrates. It can infect systems through suspiciou
2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Infostealer
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Source Document References
Information about the Yellow Cockatoo Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more