Threat Watch

Eternity Malware Suite Discovered

Researchers at Cyble Research Labs discovered a website on The Onion Router (TOR) network that lists a variety of malware for sale, including stealers, clippers, worms, miners, ransomware and DDoS bots, collectively known as the “Eternity Project.” The threat group appears to have a Telegram channel with around 500 subscribers, which it uses to communicate its development efforts. This Telegram channel also employs a novel method of purchasing custom-compiled binaries. By messaging the Telegram bot, buyers of the malware can customize the product, including options such as “AntiVM” for analysis evasion or “AntiRepeat” to prevent repeat infections. Buyers also have a choice of various output file extensions such as .exe, .scr, .com, and .pif. Each item in this malware marketplace is sold as an annual subscription with the following pricing:

  • Eternity Miner: $90
  • Eternity Clipper: $110
  • Eternity Ransomware: $490
  • Eternity Worm: $390
  • Eternity DDoS Bot: Still in development

Cyble Research Labs concluded their report with an observation of the significant increase in cybercrime through Telegram channels and forums.

ANALYST NOTES

Dangerous malware is becoming easier and easier for threat actors of any skill level to find, purchase, and deploy. Following best practices is more important than ever. Cyble Research Labs agrees, and lists the following helpful best practices:

• Back up data regularly and keep those backups offline or on a separate network.
• Turn on the automatic software update feature on your computer, mobile, and other connected devices wherever possible and pragmatic.
• Use a reputable anti-virus and Internet security software package on your connected devices, including PC, laptop, and mobile.
• Refrain from opening untrusted links and email attachments without verifying their authenticity.
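
To back the attachment advice with an automated check, the following added example (not from Cyble's report or the original page) flags e-mail attachments whose effective extension is one of the four output extensions listed above, including decoy double extensions. The function names and the sample message are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Output extensions the article says buyers can choose from.
RISKY_EXTS = {".exe", ".scr", ".com", ".pif"}


def split_name(filename):
    """Return (stem, extension) as Windows would resolve them, lower-cased."""
    # Drop any path component, then the trailing dots/spaces Windows ignores.
    name = filename.replace("\\", "/").rsplit("/", 1)[-1].rstrip(". ").lower()
    dot = name.rfind(".")
    return (name[:dot], name[dot:]) if dot != -1 else (name, "")


def flag_attachments(raw_message):
    """List (filename, extension, has_decoy_extension) for risky attachments."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.walk():  # walk() also visits nested multipart parts
        filename = part.get_filename()
        if not filename:
            continue
        stem, ext = split_name(filename)
        if ext in RISKY_EXTS:
            # A dot left in the stem means a decoy extension such as .pdf.scr
            findings.append((filename, ext, "." in stem))
    return findings


def build_sample():
    """Constructed message; sender, names and contents are made up."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Constructed sample"
    msg.set_content("See attached.")
    for name in ("report.pdf", "Invoice.PDF.SCR", "update.exe", "notes.com.txt"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    for finding in flag_attachments(build_sample()):
        print(finding)
```

Extension matching is only one layer: it does not inspect archive contents or file headers, so it complements rather than replaces the anti-virus and update practices listed above.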

A closer look at Eternity Malware