Threat actors have launched a new all-in-one cybercrime service that is touted to benefit both advanced cybercriminals and low-skilled attackers. Referred to as ‘Eternity Project’, the new malware-as-a-service can be customized with different modules depending on the attack being conducted.
What’s the update?
Discovered by Cyble Research Labs, the Eternity Project is being actively promoted on a Tor website and a Telegram channel.
The cybercrime service offers a variety of malware for sale. These include an info-stealer, a coin miner, a clipper, ransomware, a worm, and a DDoS-based bot.
The threat actors behind the new malware toolkit are using Telegram to promote its features and malware operations through detailed videos.
They are also sharing new updates, which indicates that they are actively enhancing the features of the malware-as-a-service.
Interestingly, an amateur with the intention to launch an attack can also use this modular kit to build malware.
Tools in detail
The info-stealer, which is sold for $260/year, can steal passwords, credit cards, bookmarks, tokens, cookies, and autofill data stored in over 20 web browsers.
It can pilfer information from cryptocurrency extensions or even cold wallets. It also targets password managers, VPN clients, messengers, and gaming clients.
The miner module is sold at a price of $90/year and features Monero mining capability, task manager hiding, and startup launch persistence.
The clipper malware is priced at $110/year and is capable of monitoring the clipboard of an infected machine for cryptocurrency wallet addresses and replacing them with the threat actors’ own crypto-wallet addresses.
The Eternity Worm is being sold at a price of $390 and is capable of spreading on its own via USB drives, local network shares, local files, cloud drives, Python projects, Discord accounts, and Telegram accounts.
The Eternity ransomware is the most expensive module and is priced at $490. It supports offline encryption using a combination of AES and RSA and targets documents, photos, and databases.
The DDoS bot malware is currently under development.
Worth noting
Based on the analysis, researchers found several similarities between the Eternity stealer module and Jester Stealer. Both probably derived source code from a GitHub project named DynamicStealer.
Conclusion
CaaS, or Crimeware-as-a-Service, is gaining traction on Telegram channels and underground forums. Threats from such toolkits are likely to intensify, as they equip cybercriminals to carry out a raft of malicious activities online. Businesses must, therefore, improve their defense approaches by imparting security awareness training, limiting admin controls, and updating policies and procedures.