Eternity Project malware-as-a-service uses Telegram to spread around

Researchers warn that the Eternity malware is being sold and offers stealer, miner, and ransomware tools

Eternity malware using Telegram bots. Malware authors offer the malware-as-a-service toolkit for purchase.

Threat actors have launched Eternity Project, a malware-as-a-service offering whose toolkit can be purchased and customized with particular modules depending on the attack being launched. The malicious toolkit includes info-stealer code, a cryptocurrency miner, a clipper, and ransomware programs.[1] It also has a worm spreader and a DDoS bot. These tools can be purchased separately.[2]

The developer sells the Stealer module for $260 as an annual subscription. The Eternity Stealer steals passwords, cookies, credit cards, and crypto-wallets from the victim’s machine and sends them to the TA’s Telegram Bot.

Unidentified attackers have been linked to the malware toolkit, which is in active development. The distribution model lets professional and amateur cybercriminals purchase these tools for their malicious campaigns.[3] Besides using the Telegram channel to communicate with the community and post updates about features and functions, the attackers also use a Telegram bot that allows buyers to build the binary.

The criminal behind this toolkit provides an option in the channel to customize the binary's features. It is an effective way to build binaries without dependencies, researchers[4] say. This Telegram channel has more than 500 members.

Malicious functions and tools

Eternity Stealer is sold for $260 as an annual subscription. This tool siphons passwords, cookies, credit card details, browser cryptocurrency extensions, crypto wallets, and VPN clients. It can also gather data from email apps on the machine and send the information to the Telegram bot.
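A defender can look for this exfiltration path in egress logs. The sketch below is an added example, not code from the researchers or from this site; it assumes a TLS-inspecting proxy that records full URLs, and the log layout, host names, process names, and allowlist are all constructed for illustration. It relies only on the public Telegram Bot API URL form `https://api.telegram.org/bot<id>:<secret>/<method>`.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Telegram Bot API requests have the form https://api.telegram.org/bot<id>:<secret>/<method>
BOT_PATH = re.compile(r"^/bot(\d+):[A-Za-z0-9_-]+/(\w+)$")
# Assumption: processes this environment expects to call the Bot API (e.g. a chat-ops service).
ALLOWED_PROCESSES = {"alertbot.exe"}

# Constructed sample lines (assumed format): time host process method url bytes_sent
SAMPLE_LOG = """\
2022-05-16T09:12:01Z WS-014 chrome.exe GET https://web.telegram.org/k/ 512
2022-05-16T09:12:40Z WS-022 svchost32.exe POST https://api.telegram.org/bot1111111111:CONSTRUCTED_token-A/sendDocument 482113
2022-05-16T09:12:44Z WS-022 svchost32.exe POST https://api.telegram.org/bot1111111111:CONSTRUCTED_token-A/sendMessage 1904
2022-05-16T09:13:05Z SRV-003 alertbot.exe POST https://api.telegram.org/bot2222222222:CONSTRUCTED_token-B/sendMessage 310
2022-05-16T09:14:17Z WS-031 update.exe GET https://api.telegram.org.example.net/bot3:x/getMe 90
malformed line
"""

def find_bot_api_traffic(log_text, allowed=ALLOWED_PROCESSES):
    """Return {(host, process, bot_id): {"methods": set, "bytes": int}} for
    Bot API calls made by processes outside the allowlist."""
    hits = defaultdict(lambda: {"methods": set(), "bytes": 0})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 6 or not parts[5].isdigit():
            continue  # skip lines that do not match the assumed format
        _, host, process, _, url, sent = parts
        target = urlsplit(url)
        # Exact hostname match, so look-alike domains are not counted.
        if (target.hostname or "").lower() != "api.telegram.org":
            continue
        m = BOT_PATH.match(target.path)
        if not m or process.lower() in allowed:
            continue
        bot_id, api_method = m.groups()  # only the numeric id is kept; the secret half is never stored
        entry = hits[(host, process, bot_id)]
        entry["methods"].add(api_method)
        entry["bytes"] += int(sent)
    return dict(hits)

if __name__ == "__main__":
    for (host, process, bot_id), info in find_bot_api_traffic(SAMPLE_LOG).items():
        print(f"{host} {process} -> bot {bot_id}: {sorted(info['methods'])}, {info['bytes']} bytes out")
```

Grouping by numeric bot id lets an analyst pivot from one flagged workstation to every other host that contacted the same bot.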

Eternity Miner is sold for $90 as an annual subscription. It runs on the compromised machine and abuses the computer's resources to mine cryptocurrency. Eternity Clipper is sold for $110. It is a crypto-clipping program that steals cryptocurrency during transactions by watching for wallet addresses saved in the clipboard and replacing the original address with the attacker's wallet address.

Eternity Ransomware costs $490. This is a 130 KB ransomware executable that encrypts all of the files on victims' computers in order to demand a ransom. Eternity Worm costs $390 and propagates via USB drives, network shares, local files, and spam messages on Discord and Telegram. The Eternity DDoS bot is still under development.

Additional details

The most expensive module is the ransomware, priced at $490; it supports offline encryption using a mix of RSA and AES encryption algorithms.[5] It can lock documents, photos, databases, and archives. The authors of this malware claim that the ransomware payload is undetectable. They also state that VirusTotal results show the payload is detected by none of the AV tools.

This cryptovirus also offers the option to set a timer, after which the files and data are no longer recoverable once the time expires. This feature helps to pressure victims into paying the demanded ransom as quickly as possible. Eternity Stealer has also been observed copying code from other malware published on GitHub; the code is modified and rebranded, then sold on Telegram for profit.

Researchers state that selling malicious programs and other products through Telegram channels and cybercrime forums is becoming more popular. There is a significant increase in such attacks and cybercrime. The additional instructions that the creators place on their channels make this malware kit a severe threat because even inexperienced hackers can purchase it and learn how to use it.

About the author
Jake Doevan
Jake Doevan - Computer technology expert

Jake Doevan is one of the News Editors for 2-spyware.com. He graduated from Washington and Jefferson College, where he studied Communication and Journalism.

