Morphisec: A new version of the Jupyter trojan is on the wild. The malware, written in .NET, is delivered through MSI installer and thwarts online AV scanners

A new version of the Jupyter trojan is on the wild. It has been discovered by Morphisec cybersecurity experts. The malware, written in .NET, is delivered through MSI installer, and targets primarily Chromium, Firefox, and Chrome browser data while also maintaining the additional capabilities of a backdoor. The size of the MSI payloads is consistently over 100MBs. This allows it to thwart online AV scanners. Once the victim runs the MSI payload, it executes a legitimate installation binary of Nitro Pro 13. Correlating this attribution with the variant’s file names suggests that the delivery method disguises it as a PDF. Furthermore, some of the variants are signed with a (currently) valid certificate. Based on the following certificate data, researchers assume that the cybercrime actor either impersonated the certificate or stole it from a legitimate business.