The Eternity Project, a malware-as-a-service offering, has recently been detected on the messaging app Telegram. This project provides a modular malware toolkit that can be purchased separately, attracting over 500 followers on its dedicated Telegram channel. The toolkit includes various tools such as an info-stealer, coin miner, clipper, worm program, and ransomware module, each available for purchase at different prices. Although a comprehensive analysis of all the modules has not been conducted by Cyble Research Labs, the authenticity of the Eternity Project is supported by the existence of circulating malware samples and similarities to other projects on GitHub. In recent cyber security news, Google has disclosed red team attacks targeting artificial intelligence, over 15,000 vulnerable Citrix servers are at risk of code injection attacks, and multiple vulnerabilities in encrypted police and military radios enable potential decryption of traffic. This article aims to provide an overview of the Eternity Project, discuss the offered malware tools, and examine the authenticity of this malware-as-a-service.
Key Takeaways
- Eternity Malware-as-a-Service is a project detected by Cyble Research Labs that allows threat actors to buy custom malware tools.
- The malware toolkit is modular and can be purchased separately, with tools such as an info-stealer, coin miner, clipper, worm program, and ransomware module available.
- The project has a dedicated Telegram channel with over 500 followers, where release notes, usage instructions, and discussion topics are shared.
- While security analysts have not fully investigated all modules, the circulating malware samples and similarities to other projects suggest that the Eternity Project is a real threat.
Overview of Eternity Project
The Eternity Project, detected by Cyble Research Labs, lets threat actors purchase custom malware tools from a modular, customizable toolkit sold through a dedicated Telegram channel with a substantial following. The project can have a significant impact on targeted individuals because it gives threat actors several tools for carrying out malicious activities. The info-stealer tool, for instance, allows threat actors to snatch sensitive information such as passwords, credit cards, and bookmarks. The Eternity Worm Program enables the automatic spread of malware through various mediums, including USB drives, local network shares, and cloud drives. To mitigate the spread of Eternity malware, it is crucial to regularly update security software, use strong passwords, and educate individuals about the risks of clicking on suspicious links or downloading unknown files.
Malware Tools Offered
The Eternity Malware-as-a-Service offers various modules that can be purchased separately to suit the threat actor’s needs. The info-stealer tool, which snatches passwords, credit cards, bookmarks, tokens, cookies, and autofill information, is priced at $260 per year. The other modules are a coin miner module, a clipper tool, the Eternity Worm program, and the Eternity Ransomware module. The coin miner module hides tasks in the task manager and auto-restarts on termination, while the clipper tool monitors the clipboard for cryptocurrency wallet addresses and replaces them with controlled addresses. The Eternity Worm program spreads malware automatically through various mediums such as USB drives, local network shares, and cloud drives. The Eternity Ransomware module encrypts documents, photos, and databases using AES and RSA encryption.
The following table summarizes the pricing and features of the Eternity Malware-as-a-Service modules:
Module | Features | Price |
---|---|---|
Info-stealer | Snatches passwords, credit cards, bookmarks, tokens, cookies, and autofill information | $260/yr |
Coin Miner | Hides tasks in task manager and auto-restarts on termination | $90/yr |
Clipper Tool | Monitors clipboard for cryptocurrency wallet addresses and replaces them with controlled ones | $110 |
Eternity Worm | Spreads malware automatically through various mediums | $390 |
Eternity Ransomware | Encrypts documents, photos, and databases using AES and RSA encryption | $490 |
The Eternity Project poses a significant threat as threat actors can easily obtain and utilize these tools to conduct malicious activities. Mitigation strategies include regular security updates, user education on phishing attempts, and implementing strong password policies.
Authenticity of Eternity Project
Security analysts at Cyble Research Labs have not fully investigated the authenticity of the Eternity Project, but users have identified it as a genuine concern based on the presence of circulating malware samples and similarities to other well-known projects. The origins of the Eternity Project are still under investigation, and while researchers at Cyble have not fully examined all the modules, users have reached a consensus that it poses a real threat. The similarities between the Eternity Project and other malware-as-a-service platforms, such as Jester Stealer and DynamicStealer on GitHub, have also been noted. Further research and analysis are needed to determine the full extent of the Eternity Project’s capabilities and the threat it poses in the cybersecurity landscape.
Frequently Asked Questions
How can threat actors purchase the Eternity malware tools?
Threat actors can purchase the Eternity malware tools through the dedicated Telegram channel, which offers a range of modules such as info-stealer, coin miner, clipper, worm program, and ransomware. The potential implications include increased cyberattacks and the theft of sensitive information, leading to financial losses and compromised security.
Are there any additional modules or tools offered by the Eternity Project that were not mentioned in the article?
Additional modules or tools offered by the Eternity Project, apart from those mentioned in the article, were not discussed. The focus was on the availability and pricing of tools such as the info-stealer, coin miner, clipper, worm program, and ransomware module. The article did not provide information on any other modules or tools.
How does the Clipper Tool replace cryptocurrency wallet addresses with controlled addresses?
The clipper tool offered by the Eternity Project replaces cryptocurrency wallet addresses with controlled addresses. This tool monitors the clipboard for wallet addresses and swaps them with the threat actor’s addresses, allowing them to gain control over transactions involving cryptocurrencies.
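A defender-side sketch of the swap described above, added here as an example (not code from Cyble or the Eternity Project): it scans clipboard-change telemetry for a wallet address that is overwritten by a different address of the same type. The event tuple layout, process names, time window, and sample addresses are constructed assumptions.

```python
import re

# Address *shapes* only (no checksum validation); enough to spot a swap.
WALLET_PATTERNS = {
    "btc_legacy": re.compile(r"^[13][a-km-zA-HJ-NP-Z1-9]{25,34}$"),
    "btc_bech32": re.compile(r"^bc1[ac-hj-np-z02-9]{11,71}$"),
    "eth": re.compile(r"^0x[0-9a-fA-F]{40}$"),
}

def wallet_kind(text):
    """Return the wallet type the clipboard text looks like, or None."""
    candidate = text.strip()
    for kind, pattern in WALLET_PATTERNS.items():
        if pattern.match(candidate):
            return kind
    return None

def find_clipboard_swaps(events, window=5.0):
    """Flag a wallet address overwritten by a different address of the same
    kind, written by a different process, within `window` seconds.
    `events` is an iterable of (timestamp_seconds, writer_process, text),
    a hypothetical telemetry format assumed for this example."""
    alerts, prev = [], None
    for ts, process, text in events:
        value, kind = text.strip(), wallet_kind(text)
        if (prev and kind and prev["kind"] == kind
                and value != prev["text"]
                and process != prev["process"]
                and ts - prev["ts"] <= window):
            alerts.append({"ts": ts, "kind": kind, "process": process,
                           "original": prev["text"], "replacement": value})
        prev = {"ts": ts, "process": process, "text": value, "kind": kind}
    return alerts

# Constructed sample data: shape-valid strings, not real wallets.
ETH_A, ETH_B = "0x" + "a1" * 20, "0x" + "b2" * 20
BTC_A, BTC_B = "1" + "B" * 30, "1" + "C" * 30
SAMPLE_EVENTS = [
    (100.0, "browser.exe", "meeting notes"),
    (130.0, "browser.exe", ETH_A),
    (130.4, "updater.exe", ETH_B),   # different writer, 0.4 s later: flagged
    (300.0, "wallet.exe", BTC_A),
    (900.0, "wallet.exe", BTC_B),    # same writer, much later: not flagged
]

if __name__ == "__main__":
    for alert in find_clipboard_swaps(SAMPLE_EVENTS):
        print(alert)
```

The shape match deliberately skips checksum validation, so it also catches replacement strings that only look like addresses; tune `window` to the telemetry's timestamp resolution.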
What are some of the mediums through which the Eternity Worm Program spreads malware automatically?
The Eternity Worm program spreads malware automatically through various mediums, including email attachments, malicious websites, and infected USB drives. These channels facilitate the distribution of the malware and increase the potential for infecting a wide range of systems.
Are there any known countermeasures or mitigation strategies against the Eternity Ransomware Module?
Countermeasures against the Eternity ransomware module include implementing ransomware prevention techniques, such as regularly backing up data, keeping software up to date, using strong and unique passwords, and educating users about phishing attacks. Best practices for protecting against malware infections include using reputable antivirus software, practicing safe browsing habits, and being cautious when downloading and opening files from unknown sources.