LilithBot malware, has been connected to the threat actor responsible for the malware-as-a-service (MaaS) named Eternity.

Researchers Shatak Jain and Aditya Sharma from Zscaler ThreatLabz stated in a paper released on Wednesday that malware has a sophisticated ability to be employed as a miner, stealer, and clipper in addition to its persistence mechanisms.

The virus has been improved continually by the gang, who have included features like anti-debug and anti-VM checks.

Earlier this year, Eternity Project entered the market by promoting its software and product updates on a Telegram channel. A USB worm, miner, clipper, ransomware, and DDoS bot are among the services offered.


The most recent addition to this list is LilithBot malware. The multipurpose malware bot is offered on a subscription basis to other hackers in exchange for a cryptocurrency payment, just like its rivals.

After successful penetration, the information the bot collected (browser history, cookies, images, and screenshots) is exfiltrated to a remote server in a ZIP package named “”.

The change indicates that the Eternity Project is actively adding to its collection of malware and using cutting-edge strategies to avoid detection.