Cybersecurity experts at Cyble Research Labs have detected a new malware-as-a-service offering called ‘Eternity Project,’ through which threat actors can buy custom malware tools according to their needs and purpose.
The malware toolkit is modular and includes a range of items, all of which can be purchased separately. The items are listed below:
- Coin miner
- Ransomware program
- Worm spreader
- DDoS bot
A dedicated Telegram channel for all of the above counts over 500 followers. The channel contains release notes, usage instructions, and discussion topics in which the authors discuss new features and the direction the software is heading.
- Info-stealer: This tool steals passwords, credit cards, bookmarks, tokens, cookies, and autofill information from over 20 browsers. It costs $260/year.
- Miner module: This software costs $90/year and includes hiding its tasks in Task Manager, auto-restart on termination, and startup persistence.
- Clipper: This tool costs $110. It monitors the victim's clipboard for cryptocurrency wallet addresses and replaces them with wallet addresses controlled by the tool's owners.
- Eternity Worm: A single copy of this program costs $390, and it can be used to spread malware automatically through the following mediums:
  - USB drives
  - Local network shares
  - Local files
  - Cloud drives
  - Python projects
  - Discord accounts
  - Telegram accounts
- Eternity ransomware: This module costs $490, making it the most expensive. It encrypts documents, photos, and databases using a combination of AES and RSA, and it also supports offline encryption.
The Authenticity of the Eternity Project
Security analysts at Cyble say that they have not yet managed to investigate all the modules that are on sale. In Telegram conversations, users unanimously agree that this is a real threat, as they have seen samples of the malware circulating and being used in the wild.
When the analysts examined the stealer module, however, they noticed a few similarities to Jester Stealer, which is probably the result of the DynamicStealer project found on GitHub.
There is a high probability that the Eternity Stealer project is not original code but a copy that has been modified and rebranded to be sold on Telegram.