Fraudsters on Telegram are selling Eternity malware tool kits to clients.

Cybercriminals have introduced the ‘Eternity Malware Project,’ a new malware-as-a-service offering in which cyber attackers may buy a malware toolkit that can be modified with different modules based on the type of attack being carried out.

What’s the latest news?

The Eternity Malware Project, discovered by Cyble Research Labs, is aggressively pushed on a Tor website and a Telegram channel.

  • The cybercrime service sells a range of malware: an info-stealer, a cryptocurrency miner, a clipper, ransomware, a worm, and a DDoS bot.
  • The threat actors behind the new malware toolkit are promoting the features and malicious operations via extensive videos on Telegram.
  • They are actively distributing new updates, indicating that threat actors are continually improving the functionality of malware-as-a-service.
  • Surprisingly, even a novice who wants to conduct an attack can use this modular kit to create malware.

Clients can choose from a wide range of products, including ransomware, a worm, malware, a DDoS (Distributed Denial of Service) bot, bitcoin mining apps, and more, with fees ranging from $90 (about Rs 7,003) to $490 (around Rs 38,125).

Eternity malware tool kits in detail

  1. The info-stealer, which costs $260 (₹20,230.13) per year, is capable of stealing passwords, credit cards, bookmarks, tokens, cookies, and autofill data from over 20 web browsers. It can steal data from bitcoin extensions and even cold wallets. Password managers, VPN clients, messengers, and gaming clients are additional targets.
  2. The miner module costs $90 (₹7,002.47) per year and includes Monero mining, task manager concealment, and startup launch persistence.
  3. The clipper costs $110 (₹8,558.67) a year and is capable of scanning an infected machine’s clipboard for cryptocurrency wallet addresses and substituting them with the threat actors’ crypto-wallet addresses.
  4. The Eternity Worm costs $390 (₹30,344.36) and can propagate itself through USB drives, local network shares, local files, cloud storage, Python projects, Discord accounts, and Telegram accounts.
  5. The Eternity ransomware module is the most costly, at $490 (₹38,124.96). It targets documents, images, and databases and offers offline encryption using a mix of AES and RSA.
  6. DDoS bot malware is actively being developed.

Researchers at Cyble who found the Eternity Malware Project said that while they hadn’t had time to investigate all of the modules, they had observed copies of the malware circulating and being used in the wild, and all user comments on Telegram point to this being a serious concern.

Cyble researchers discovered significant similarities between the stealer module and the Jester Stealer, both of which are likely sourced from a GitHub project called DynamicStealer.

“Curiously, anybody who buys the virus can use the Telegram Bot to construct the binary,” the researchers stated. “In the Telegram channel, the [cyber attackers] give an ability to configure the binary features, which provides an effective technique to construct binaries without any dependencies.”

Malware sales and subscriptions are alive and well in the cybercriminal world, with developers offering popular kinds of malware ranging from ransomware to DDoS and phishing programmes, as evidenced by the discovery of the Frappo phishing-as-a-service tool late last month.

Some criminals also provide access to infiltrated networks via stolen credentials or direct access.

The programmer has several options for monetizing their work with malware-as-a-service. They can use their malware to steal money, make money by leasing or selling the code, and charge for support and associated services. At the same time, criminals who lack the knowledge or time to create their own harmful code can just purchase it from someone else.

Conclusion

CaaS, or Crimeware-as-a-Service, is gaining acceptance in deep web and Telegram groups. Threats posed by such toolkits are anticipated to grow as they enable fraudsters to engage in a variety of destructive online activities.

Businesses must consequently strengthen their defences by providing security awareness training, reducing administrative controls, and upgrading policies and procedures.