Threat actors have unveiled a new all-in-one cybercrime solution that is said to benefit both sophisticated and low-level attackers. The new malware-as-a-service, dubbed ‘Eternity Project,’ may be configured with different modules depending on the type of attack being carried out.
The Eternity Project, discovered by Cyble Research Labs, is being actively marketed on a Tor website and a Telegram channel.
- The cybercrime marketplace sells a range of malware. An information stealer, a currency miner, a clipper, ransomware, a worm, and a DDoS-based bot are among them.
- Threat actors behind the new malware toolkit are promoting the features and malicious operations via extensive videos on Telegram.
- They’re distributing new updates, indicating that threat actors are actively improving malware-as-a-service capabilities.
- Surprisingly, an amateur who wants to launch an assault can utilise this modular kit to create malware.
Tools in details
- Info-stealers can steal passwords, credit cards, bookmarks, tokens, cookies, and autofill data from over 20 web browsers for $260 per year.
- It has the ability to steal data from bitcoin extensions and even cold wallets. Password managers, VPN clients, messengers, and gaming clients are all targets.
- The miner module is available for $90 per year and includes Monero mining, task manager concealment, and startup launch persistence.
- The clipper malware costs $110 a year and is capable of scanning an infected machine’s clipboard for cryptocurrency wallet addresses and substituting them with threat actors’ crypto-wallet addresses.
- The Eternity Worm costs $390 and may propagate on its own using USB drivers, local network shares, local files, cloud drives, Python projects, Discord accounts, and Telegram accounts.
- The Eternity ransomware module is the most expensive, costing $490. It targets documents, images, and databases and offers offline encryption using a mix of AES and RSA.
- The DDoS bot software is still being developed.
According to the findings, the Eternity Stealer module and Jester Stealer have significant similarities. Both were most likely inspired by a GitHub project called DynamicStealer.
On Telegram channels and underground forums, CaaS, or Crimeware-as-a-Service, is gaining traction. The risks posed by such toolkits are likely to grow as they can let fraudsters carry out a variety of nefarious operations online. As a result, businesses must strengthen their security strategies by providing security awareness training, reducing administrative controls, and upgrading policies and procedures.