Researchers warn for Eternity project malware service being sold on Telegram

The Eternity Project Service

“Eternity Project”, a malware toolkit that allows professional and amateur hackers to acquire stealers, clippers, worms, miners, ransomware, and a distributed denial-of-service (DDoS) bot, has been tied to an undisclosed threat actor.

Eternity Project Malware 1024x585
The Eternity project web site

This threat stands out because it uses a Telegram Bot to allow users to create the binaries in addition to utilizing a Telegram channel to convey updates about new features.

An option to tweak the binary characteristics is provided by the threat actors, which makes it possible to produce binaries without any external dependencies, researchers from Cyble have shared in a paper released last week.

In addition to the core functionality, each module may be leased for a fixed amount of money and offers access to a broad range of additional features.

For instance, the Eternity Stealer module can steal passwords, cookies, credit cards, browser extensions for cryptocurrencies, crypto-wallet clients, and email programs from a computer and transfer them to a Telegram Bot for just $260 per year.

Another module, called Eternity Miner, which costs $90 per year as an annual subscription, can use a hacked system to mine bitcoin and other cryptocurrencies.

Eternity Clipper is another module that is actually a clipping application that replaces the original wallet address recorded in the clipboard with an attacker’s wallet address when a cryptocurrency transaction is made. This module can be hired just for $110.

A ransomware-based threat, called Eternity Ransomware can also be hired for $490 and used to encrypt all user data until a ransom is paid.

Eternity Worm is also available for $390 to hire. The malware uses USB drives, local network shares, local files, and spam messages sent through Discord and Telegram.

A special Eternity DDoS Bot (N/A) is another module from the package, that is claimed to be in the works.

In their report, security researchers from Cyble are suggesting that DynamicStealer code, which is publicly accessible on GitHub, maybe being repurposed by the malware creators and sold for profit under another identity.

Cyble researchers have also noted that they have witnessed a considerable spike in cybercrime via Telegram channels and cybercrime forums, where threat actors sell their items without any oversight.

blank

About the author

blank

Lidia Howler

Lidia is a web content creator with years of experience in the cyber-security sector. She helps readers with articles on malware removal and online security. Her strive for simplicity and well-researched information provides users with easy-to-follow It-related tips and step-by-step tutorials.

Leave a Comment