"LilithBot Malware, a New MaaS Offered by the Eternity Group"

Zscaler researchers have linked a newly discovered sample of LilithBot malware to the Eternity Group, also known as EternityTeam and Eternity Project. The Eternity Group runs a Malware-as-a-Service (MaaS) platform and is linked to the Russian "Jester Group," which has been active since at least January 2022. In May, researchers at cybersecurity firm Cyble examined a Tor website called 'Eternity Project' that sells a wide range of malware, including stealers, miners, ransomware, and Distributed Denial-of-Service (DDoS) bots. The experts discovered the marketplace during a routine investigation and found that its operators have a Telegram channel with approximately 500 subscribers. The channel was used to distribute malware listings and updates, and the project's operators allow their customers to customize the binary features through it. The operators charge $260 per year for the Stealer module, which is used to steal sensitive information from infected systems, such as passwords, cookies, credit cards, and cryptocurrency wallets. A Telegram bot is used to exfiltrate the stolen data. For a $90 annual subscription, customers can customize the Eternity Miner module with their own Monero pool and AntiVM features. The Eternity operators also sell clipper malware for $110, which searches the clipboard for cryptocurrency wallets and replaces them with the attackers' wallet addresses. This article continues to discuss the threat actor behind the Eternity MaaS being linked to a new malware strain called LilithBot.

Security Affairs reports "LilithBot Malware, a New MaaS Offered by the Eternity Group"
