New Jupyter Infostealer Malware Resurfaces with Tricky Tactics 🦠

Nov 08 2023


Welcome to Gone Phishing, your daily cybersecurity newsletter that wishes cyberattacks only happened ‘Now and then’ 😐 #NewBeatles 🎉🎸🎙️

Today’s hottest cybersecurity news stories:

  • 🪐 Watch out! ‘Jupyter’ malware ups its game as a stealthy infostealer 🤏👀

  • 🚀👲 N. Korean criminals ‘BlueNoroff’ blamed for macOS hack-attack 👨‍💻

  • 😈 Ransomware attackers leak 5 Canadian hospitals’ patients’ data 🏥

Men Are From Mars, Malware Is From Jupyter 🪐

🚨 New Jupyter Infostealer Malware Resurfaces with Tricky Tactics 🦠

The Jupyter Infostealer, also known as Polazert, SolarMarker, and Yellow Cockatoo, is back with sneaky "simple yet impactful changes." 💻 Researchers from VMware Carbon Black uncovered this dangerous malware's latest tactics.

🌐 Initial Access: Jupyter tricks users with manipulated SEO tactics and malvertising to download it from dubious websites. 🌐

🔍 What Does It Do?

  • Harvests Credentials 🤖

  • Establishes Encrypted Command-and-Control Communication 🔒

  • Executes Arbitrary Commands ⚙️

📜 Latest Updates:

The malware now uses certificates to make itself appear legitimate, but it's a disguise! Fake installers launch the infection chain, connecting to a remote server using PowerShell. 😱

🌌 Evolving Threats:

Other malware, like Lumma Stealer and Mystic Stealer, have been updated to include loaders for more devious attacks, including ransomware. 😈

🔄 Constant Evolution:

Jupyter Infostealer has updated its network communication and gained popularity among cybercriminals. It now distributes other malware like RedLine, DarkGate, and GCleaner using its loader functionality. 📈

👾 More Malware:

Keep an eye out for Akira Stealer and Millenium RAT, equipped with various features for data theft. The world of cyber threats is constantly changing! 🌎

🤖 Proxy Botnet Alert:

PrivateLoader and Amadey malware have infected thousands of devices with a proxy botnet called Socks5Systemz. 🧦 This botnet turns infected machines into proxies for anonymity. 💰

🌐 Where Are the Threat Actors?

The actors behind these attacks may be of Russian origin, given the lack of infections in the country. 🐻‍❄️

Stay safe online! 💪 Update your security tools and stay vigilant. 💡

Cybersecurity is more important than ever, and your Mac or PC is no exception. Over time, your Mac or PC can accumulate junk files, malware, and other threats that can slow it down and make it vulnerable to attack.

That's where MacPaw comes in. MacPaw offers a suite of easy-to-use apps that can help you clean, optimize, and secure your Mac. With MacPaw, you can:

  • Remove junk files and malware to free up space and improve performance

  • Protect your privacy by erasing sensitive data

  • Optimize your startup settings to speed up boot times

  • Manage your extensions and apps to keep your Mac or PC running smoothly

Since 2008, MacPaw has been trusted by over 30 million users worldwide, and it's the perfect solution for keeping your Mac or PC safe and secure.

Kim Jong Un: When I’m called off, I grab the Noroff. Squeeze the trigger and macbooks get hauled off 🔫🔪👊🏿💀😂

🚨 North Korea's BlueNoroff Unleashes macOS Malware: ObjCShellz Strikes 🖥️💣

The notorious BlueNoroff, also known as APT38 and more, linked to North Korea, is behind a new macOS malware named ObjCShellz.

🧐 What You Need to Know:

  • Part of the RustBucket malware campaign 💼

  • Likely delivered via social engineering 🤯

  • Used in multi-stage attacks 💥

🕵️‍♀️ How It Works:

ObjCShellz, written in Objective-C, is a remote shell for executing commands from an attacker's server. 🐚

🎯 Potential Targets:

It's suspected that this malware targets companies in the cryptocurrency industry or closely related businesses. ₿

🚀 Cyber Threats Evolve:

North Korea-sponsored groups like Lazarus, to which BlueNoroff is linked, are constantly evolving and sharing tactics and tools. 🌐

🚫 Stay Vigilant:

While it's a simple malware, it's highly functional. Keep your cybersecurity tools updated! 💪

Watch out for more macOS malware campaigns as these threat actors adapt and expand their reach. 🌟 🚫🦠

🎣 Catch of the Day!! 🌊🐟🦞

🃏 The Motley Fool: “Fool me once, shame on — shame on you. Fool me — you can't get fooled again.” Good ol’ George Dubya 😂 Let us tell you who’s not fooling around though; that’s the Crüe 👀 at Motley Fool. You’d be a fool (alright, enough already! 🙈) not to check out their Share Tips from time to time so your savings can one day emerge from their cocoon as a beautiful butterfly! 🐛 Kidding aside, if you check out their website they’ve actually got a ton of great content with a wide variety of different investment ideas to suit most budgets 🤑 (LINK)

🚵 Wander: Find your happy place. Cue Happy Gilmore flashback 🏌️⛳🌈🕊️ Mmmm Happy Place… 😇 So, we’ve noticed a lot of you guys are interested in travel. As are we! We stumbled upon this cool company that offers a range of breath-taking spots around the United States and, honestly, the website alone is worth a gander. When all you see about the Land of the Free and the Home of the Brave is news of rioting, looting and school shootings, it’s easy to forget how beautiful some parts of it are. The awe-inspiring locations, along with the innovative architecture of the hotels, set Wander apart from your run-of-the-mill American getaway 🏞️😍 (LINK)

🌊 Digital Ocean: If you build it, they will come. Nope, we’re not talking about a baseball field for ghosts 👻🍿 (Great movie, to be fair 🙈). This is Digital Ocean, who’ve got a really cool platform for building and hosting pretty much anything you can think of. If you check out their website you’ll find yourself catching the buzz even if you can’t code (guilty 😑). But if you can, and you’re looking for somewhere to test things out, launch something new or simply enhance what you’ve got, we’d recommend checking out their services fo’ sho 😉 And how can you not love their slogan: Dream it. Build it. Grow it. Right on, brother! 🌿 (LINK)

Guess they weren’t bluffing, eh? 🍁💀😭

🚨 Data Breach Alert: 5 Canadian Hospitals Hit by Ransomware 🏥

😱 In a major security breach, patient and employee data from five Canadian hospitals has been stolen and leaked online following a ransomware attack.

🏨 Hospitals Impacted:

  • Bluewater Health

  • Chatham-Kent Health Alliance

  • Erie Shores HealthCare

  • Hôtel-Dieu Grace Healthcare

  • Windsor Regional Hospital

  • Plus, service provider TransForm Shared Service Organization

📂 Shared Drive Compromised:

A shared drive was breached as part of this incident, leading to the exposure of sensitive information.

🏥 Data Stolen:

  • Bluewater Health suffered the most significant impact, with approximately 5.6 million patient visits and some employee data stolen.

  • Chatham-Kent Health Alliance had employee information compromised, including names, addresses, social insurance numbers, and more.

  • Erie Shores HealthCare patients' information and employee social insurance numbers were also stolen.

  • Limited patient and employee data was accessed for Windsor Regional Hospital and Hôtel-Dieu Grace Healthcare.

🔒 No Banking Info Compromised: Fortunately, no banking information was stolen in the attack.

🔍 Ongoing Investigation:

All hospitals are actively working to identify affected individuals and the extent of employee data compromised. The Ontario Information and Privacy Commissioner has been notified.

🦠 Ransomware Gang Claims Responsibility:

While the threat actor remains unnamed, the Daixin ransomware gang has claimed responsibility and posted allegedly stolen data online, including thousands of personally identifiable and protected health information records.

🌐 Cybersecurity Warning:

Last year, the US cybersecurity agency CISA and the FBI warned about the risks associated with the Daixin ransomware.

Stay vigilant! 🚫💻🛡️ It’s unclear at this juncture whether any or all of the affected hospitals straight up refused to pay the hackers’ ransom or never even had the chance… Goes to show, you can’t negotiate with cyber-terrorists ☠️☠️☠️

Reminds us of the old scorpion and the frog fable 🦂🐸 Screwing people over is in these hackers’ very nature even if it means they wind up losing out.

Anyway, on that bombshell: till next time homies ✌️

🗞️ Extra, Extra! Read all about it!

Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!

  • The GeekAI: A daily 3-minute newsletter on what matters in AI. With all the new AI things coming to market, it’s good to stay ahead of the curve.

  • Libby Copa: The Rebel Newsletter helps writers strengthen their writing and creative practice, navigate the publishing world, and turn their art into an act of rebellion.

  • Techspresso: Receive a daily summary of the most important AI and tech news, selected from 50+ media outlets (The Verge, Wired, TechCrunch, etc.).

Let us know what you think!

So long and thanks for reading all the phish!
