Researchers at Cyble Research Labs discovered a website on the The Onion Router network (TOR) that lists a variety of malware for sale including stealers, clippers, worms, miners, ransomware and DDoS Bots collectively known as the “Eternity Project.” The threat group appears to have a Telegram channel with around 500 subscribers. This is the method in which they communicate their development efforts. This Telegram channel also employs a novel method of purchasing custom compiled binaries. By messaging the Telegram Bot, buyers of the malware can customize the product including options such as “AntiVM” for analysis evasion, or “AntiRepeat” to prevent repeat infections. Buyers also have a choice of various output file extensions such as .exe, .scr, .com, and .pif. Each item in this malware marketplace is sold as an annual subscription with the following pricing:
- Eternity Miner: $90
- Eternity Clipper: $110
- Eternity Ransomware: $490
- Eternity Worm: $390
- Eternity DDoS Bot: Still in development
Cyble Research Labs concluded their report with an observation of the significant increase in cybercrime through Telegram channels and forums.