Security researchers have found that malware that steals passwords, cookies, and payment card data from web browsers is being sold through a Telegram channel and a Tor website. Collectively named the ‘Eternity Project’ by its architects, the malware suite already includes stealers, clippers, worms, miners, and ransomware, while a distributed denial-of-service (DDoS) bot is still under development.
The Telegram channel provides up to 500 subscribers with information about upcoming software updates and videos documenting malware activity. According to the Cyble Research Labs blog post: “Interestingly, people who buy the malware can use the Telegram bot to create the binary. TAs [threat actors] provide an option on the Telegram channel to customize binary features, which provides an effective way to generate binaries without any dependencies.”
The stealer module, which costs $260 for a yearly subscription, also exfiltrates autofill data, tokens, history, and bookmarks from Chrome, Chromium, Firefox, Edge, Opera, and more than 20 other browsers.
Data from a wide range of cryptocurrency wallets and browser cryptocurrency extensions, along with various system credentials and other data, is sent from an infected machine to the threat actor's Telegram bot.
Eternity ransomware, meanwhile, can encrypt documents, photos, and databases on disks, local shares, and USB drives on compromised machines. The ransomware utility – the most expensive option at $490 – offers offline encryption, an encryption algorithm that combines AES and RSA, and the option to set a time limit after which files cannot be decrypted.
Eternity Worm, priced at $390, propagates through infected machines via local files and local network shares; Google Drive, OneDrive, and DropBox; and Discord, Telegram, and Python Interpreter. For $110, budding cybercrooks can use clipper malware that supports multiple address formats for BTC, LTC, ZEC, and BCH, while the $90-a-year cryptocurrency mining module provides silent Monero mining and automatic restarts.
Researchers suspect that the developer behind the Eternity Project is reusing code from a GitHub repository called ‘Dynamic Stealer’, and they also found possible links with the threat actor behind Jester Stealer, malware documented by Cyble in February.
Cyble Research Labs recently reported a “significant increase in cybercrime through Telegram channels and cybercrime forums”. Individuals and organizations are advised to protect themselves by installing well-known security software, enabling automatic software updates where possible, backing up data regularly and keeping backups offline or on a dedicated network, and verifying links before opening them.