New Jupyter Infostealer Malware Resurfaces with Tricky Tactics 🦠

Nov 08 2023


Gone Phishing Banner

Welcome to Gone Phishing, your daily cybersecurity newsletter that wishes cyberattacks only happened ‘Now and then’ #NewBeatles 🎉🎸🎙️

Today’s hottest cybersecurity news stories:

  • 🪐 Watch out! ‘Jupyter’ malware ups its game as a stealthy infostealer 🤐👀

  • 🚀👲 N. Korea criminals ‘BlueNoroff’ blamed for macOS hack-attack 👨‍💻

  • 😈 Ransomware attackers leak 5 Canadian hospitals’ patients’ data 🏥

Men Are From Mars, Malware Is From Jupyter 🪐

🚨 New Jupyter Infostealer Malware Resurfaces with Tricky Tactics 🦠

The Jupyter Infostealer, also known as Polazert, SolarMarker, and Yellow Cockatoo, is back with sneaky "simple yet impactful changes." 💻 Researchers from VMware Carbon Black uncovered this dangerous malware's latest tactics.

🌐 Initial Access: Jupyter tricks users with manipulated SEO tactics and malvertising to download it from dubious websites. 🌐

🔍 What Does It Do?

  • Harvests Credentials 🤖

  • Establishes Encrypted Command-and-Control Communication 🔒

  • Executes Arbitrary Commands ⚙️

📜 Latest Updates:

The malware now uses certificates to make itself appear legitimate, but it's a disguise! Fake installers launch the infection chain, connecting to a remote server using PowerShell. 😱

🌌 Evolving Threats:

Other malware, like Lumma Stealer and Mystic Stealer, have been updated to include loaders for more devious attacks, including ransomware. 😈

🔄 Constant Evolution:

Jupyter Infostealer has updated its network communication and gained popularity among cybercriminals. It now distributes other malware like RedLine, DarkGate, and GCleaner using its loader functionality. 📈

👾 More Malware:

Keep an eye out for Akira Stealer and Millenium RAT, equipped with various features for data theft. The world of cyber threats is constantly changing! 🌎

🤖 Proxy Botnet Alert:

PrivateLoader and Amadey malware have infected thousands of devices with a proxy botnet called Socks5Systemz. 🧦 This botnet turns infected machines into proxies for anonymity. 💰

🌍 Where Are the Threat Actors?

The actors behind these attacks may be of Russian origin, given the lack of infections in the country. 🐻‍❄️

Stay safe online! 💪 Update your security tools and stay vigilant. 💡

Cybersecurity is more important than ever, and your Mac or PC is no exception. Over time, your Mac or PC can accumulate junk files, malware, and other threats that can slow it down and make it vulnerable to attack.

That's where MacPaw comes in. MacPaw offers a suite of easy-to-use apps that can help you clean, optimize, and secure your Mac. With MacPaw, you can:

  • Remove junk files and malware to free up space and improve performance

  • Protect your privacy by erasing sensitive data

  • Optimize your startup settings to speed up boot times

  • Manage your extensions and apps to keep your Mac or PC running smoothly

Since 2008 MacPaw has been trusted by over 30 million users worldwide, and it's the perfect solution for keeping your Mac or PC safe and secure.

Kim Jong Un: When I’m called off, I grab the Noroff. Squeeze the trigger and macbooks get hauled off 🔫🔪👊🏿💀😂

🚨 North Korea's BlueNoroff Unleashes macOS Malware: ObjCShellz Strikes 🖥️💣

The notorious BlueNoroff, also known as APT38 and more, linked to North Korea, is behind a new macOS malware named ObjCShellz.

๐Ÿง What You Need to Know:

  • Part of the RustBucket malware campaign ๐Ÿ’ผ

  • Likely delivered via social engineering ๐Ÿคฏ

  • Used in multi-stage attacks ๐Ÿ’ฅ

๐Ÿ•ต๏ธโ€โ™€๏ธ How It Works:

ObjCShellz, written in Objective-C, is a remote shell for executing commands from an attacker's server. ๐Ÿš

๐ŸŽฏ Potential Targets:

It's suspected that this malware targets companies in the cryptocurrency industry or those closely related. โ‚ฟ

๐Ÿš€ Cyber Threats Evolve:

North Korea-sponsored groups like Lazarus, to which BlueNoroff is linked, are constantly evolving and sharing tactics and tools. ๐ŸŒ

๐Ÿšซ Stay Vigilant:

While it's a simple malware, it's highly functional. Keep your cybersecurity tools updated! ๐Ÿ’ช

Watch out for more macOS malware campaigns as these threat actors adapt and expand their reach. ๐ŸŒŸย ๐Ÿšซ๐Ÿฆ 

🎣 Catch of the Day!! 🌊🐟🦞

🃏 The Motley Fool: “Fool me once, shame on — shame on you. Fool me — you can't get fooled again.” Good ol’ George Dubya 😂 Let us tell you who’s not fooling around though; that’s the Crüe 👀 at Motley Fool. You’d be a fool (alright, enough already! 🙈) not to check out their Share Tips from time to time so your savings can one day emerge from their cocoon as a beautiful butterfly! 🐛 Kidding aside, if you check out their website they’ve actually got a ton of great content with a wide variety of different investment ideas to suit most budgets 🤑 (LINK)

🚵 Wander: Find your happy place. Cue Happy Gilmore flashback ⛳🌈🕊️ Mmmm Happy Place… 😇 So, we’ve noticed a lot of you guys are interested in travel. As are we! We stumbled upon this cool company that offers a range of breath-taking spots around the United States and, honestly, the website alone is worth a gander. When all you see about the Land of the free and the home of the brave is news of rioting, looting and school shootings, it’s easy to forget how beautiful some parts of it are. The awe-inspiring locations along with the innovative architecture of the hotels set Wander apart from your run-of-the-mill American getaway 🏞️ (LINK)

🌊 Digital Ocean: If you build it they will come. Nope, we’re not talking about a baseball field for ghosts ⚾👻🍿 (Great movie, to be fair 🙈). This is Digital Ocean, who’ve got a really cool platform for building and hosting pretty much anything you can think of. If you check out their website you’ll find yourself catching the buzz even if you can’t code (guilty 😑). But if you can and you’re looking for somewhere to test things out or launch something new or simply enhance what you’ve got, we’d recommend checking out their services fo’ sho 😉 And how can you not love their slogan: Dream it. Build it. Grow it. Right on, brother! 🌿 (LINK)

Guess they weren’t bluffing, eh? 🍁💀😭

🚨 Data Breach Alert: 5 Canadian Hospitals Hit by Ransomware 🏥

😱 In a major security breach, patient and employee data from five Canadian hospitals has been stolen and leaked online due to a ransomware attack.

🏨 Hospitals Impacted:

  • Bluewater Health

  • Chatham-Kent Health Alliance

  • Erie Shores HealthCare

  • Hôtel-Dieu Grace Healthcare

  • Windsor Regional Hospital

  • Plus, service provider TransForm Shared Service Organization

📂 Shared Drive Compromised:

A shared drive was breached as part of this incident, leading to the exposure of sensitive information.

🏥 Data Stolen:

  • Bluewater Health suffered the most significant impact, with approximately 5.6 million patient visits and some employee data stolen.

  • Chatham-Kent Health Alliance had employee information compromised, including names, addresses, social insurance numbers, and more.

  • Erie Shores HealthCare patients' information and employee social insurance numbers were also stolen.

  • Limited patient and employee data was accessed for Windsor Regional Hospital and Hôtel-Dieu Grace Healthcare.

🔒 No Banking Info Compromised: Fortunately, no banking information was stolen in the attack.

🔍 Ongoing Investigation:

All hospitals are actively working to identify affected individuals and the extent of employee data compromised. The Ontario Information and Privacy Commissioner has been notified.

🦠 Ransomware Gang Claims Responsibility:

While the threat actor remains unnamed, the Daixin ransomware gang has claimed responsibility and posted allegedly stolen data online, including thousands of personally identifiable and protected health information records.

🌐 Cybersecurity Warning:

Last year, the US cybersecurity agency CISA and the FBI warned about the risks associated with the Daixin ransomware.

Stay vigilant! 🚫💻🛡️ It’s unclear at this juncture whether any or all of the affected hospitals straight up refused to pay the hackers’ ransom or never even had the chance… Goes to show, you can’t negotiate with cyber-terrorists ☠️☠️☠️

Reminds us of the old scorpion and the frog fable 🦂🐸 Screwing people over is in these hackers’ very nature even if it means they wind up losing out.

Anyway, on that bombshell: till next time homies ✌️

🗞️ Extra, Extra! Read all about it!

Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!

  • The GeekAI: A daily 3 min newsletter on what matters in AI; with all the new AI things coming to market, it's good to stay ahead of the curve.

  • Libby Copa: The Rebel Newsletter helps writers strengthen their writing and creative practice, navigate the publishing world, and turn their art into an act of rebellion.

  • Techspresso: Receive a daily summary of the most important AI and Tech news, selected from 50+ media outlets (The Verge, Wired, TechCrunch etc.)

Let us know what you think!

So long and thanks for reading all the phish!
