Malware-as-a-Service is getting easier and easier to access, according to a recent threat report. Self-named the ‘Eternity Project’, this cyber threat group offers services from a Tor website and on their Telegram channel. They sell a wide variety of malware in an organized fashion, including stealer, clipper, worm, miner, ransomware and distributed-denial-of-service bot services.

This alarms many security professionals. With Eternity, even inexperienced cyber criminals can target victims with a customized threat offering. Eternity sells malware for $90 to $490. As Malware-as-a-Service grows in sophistication, it’s easier than ever to access attack tools at low prices.

Malware for sale on telegram

According to Cyble, Eternity Project offers a wide variety of malware services on its Telegram channel, which has around 500 subscribers. The channel provides detailed information about the service’s features and even uses explainer videos. Eternity Project’s Telegram channel also shares news about their malware’s updates, just like any brand showcasing new features.

Source: Cyble

Eternity Project Stealer

What kind of damage can Eternity Project’s malware do? One example is Eternity Stealer. This malware lets users steal passwords, cookies, credit cards and crypto wallets from targets to later receive the stolen data directly on the Telegram bot.

The features of the stealer malware mentioned on the group’s Telegram channel include:

  • Browsers collection (passwords, credit cards, cookies, autofill, tokens, history, bookmarks)
  • Chrome, Firefox, Edge, Opera, Chromium, Vivaldi, IE and other browsers
  • Email clients: Thunderbird, Outlook, FoxMail, PostBox and MailBird.

It also offers ways to break into messenger apps, password managers and more.

According to the report, customers can build Eternity Stealer malware directly on the Telegram bot. Once the user selects a stealer product, options appear to add features such as AntiVM and AntiRepeat. Next, the user selects the available payload file extension such as .exe, .scr, .com or pif. Finally, users can download the exfiltrated payload directly from the Telegram channel.

Other services such as miner, clipper, ransomware and worm offer the same kind of convenience and customization. And it all occurs through an easy-to-use Telegram Q&A bot:

Source: Cyble

Malware-as-a-Service growth

The researchers state that they have seen a major increase in cyber crime through Telegram channels and forums. Threat groups are selling their products in the open without any type of sanction.

A large part of the success of these groups is their businesslike approach. They employ an agile development framework to develop malware. Later they go online to test their products on a victim, then they return to the lab to work out the bugs. They also implement advanced marketing techniques and place an emphasis on user experience and user interface.

Thwarting malware attacks

The authors of the threat report suggest some ways to mitigate malware. For example, it’s important to keep backups of all critical files. These backups should be kept offline or on completely separate networks. Turn on automatic software updates, and have security teams scan often for warnings and updates about mission-critical software.

The official CISA Stop Ransomware site also provides in-depth guidance against malware.

More from News

Securing critical infrastructure with the carrot and stick

4 min read - It wasn’t long ago that cybersecurity was a fringe topic of interest. Now, headline-making breaches impact large numbers of everyday citizens. Entire cities find themselves under cyberattack. In a short time, cyber has taken an important place in the national discourse. Today, governments, regulatory agencies and companies must work together to confront this growing threat. So how is the federal government bolstering security for critical infrastructure? It looks like they are using a carrot-and-stick approach. Back in March 2022, the…

650,000 cyber jobs are now vacant: How to tackle the risk

4 min read - How far is the United States behind in filing cybersecurity jobs? As per Rep. Andrew Garbarino, R-N.Y., Chairman of the HHS Cybersecurity and Infrastructure Protection Subcommittee, overseas adversaries have a workforce advantage over FBI cyber personnel of 50 to one. His statements were made during a recent subcommittee hearing titled “Growing the National Cybersecurity Talent Pipeline.” Meanwhile, recent CyberSeek data shows over 650,000 cyber jobs to fill nationwide. Given the rising rate of cyberattacks, these numbers are truly alarming. How…

Will data backups save you from ransomware? Think again

4 min read - Backups are an essential part of any solid anti-ransomware strategy. In fact, research shows that the median recovery cost for ransomware victims that used backups is half the cost incurred by those that paid the ransom. But not all data backup approaches are created equal. A separate report found that in 93% of ransomware incidents, threat actors actively target backup repositories. This results in 75% of victims losing at least some of their backups during the attack, and more than…

Should you worry about state-sponsored attacks? Maybe not.

4 min read - More than ever, state-sponsored cyber threats worry security professionals. In fact, nation-state activity alerts increased against critical infrastructure from 20% to 40% from 2021 to 2022, according to a recent Microsoft Digital Defense Report. With the advent of the hybrid war in Ukraine, nation-state actors are launching increasingly sophisticated attacks. But is this the most prominent danger facing companies today? While nation-state-based attacks cannot be ignored, it looks like insider cyber incidents are far more common. In fact, for the…