Security researchers have discovered that, MALWARE which steals cookies, passwords, and payment card data has been sold through telegram channel and a tor website.
Altogether named the eternity project by their architects. Malware also includes stealers, clippers, worms, miners, and ransomware with DDoS bot evidently under development.
A telegram channel provides all the information about forthcoming software updates and videos documenting the malware’s functionality to hundreds of subscribers.
Cyble research labs said that people who purchase malware could utilize the telegram bot to build the binary.
Dhanalakshmi PK, Cyble’s senior director for malware and intelligence research said that The malware offers highly developed features, with enhancement in the pipeline, and has been largely deployed around the world. She also said that infinite stealer also snips credentials from configuration files of VPN clients along with the password manager tools which are listed, but it doesn’t have any keylogging capabilities.
At the time of analysis, the telegram channel has 500 subscribers, which indicates that there might be a massive impact by other threat actors.
Eternity ransomware can also encode documents, photos, and databases on disk USB shares and local drives.
The ransomware facility offers offline encryption, which is encryption that combines AES and RSA and also offers the option to set a time limit after which the files cant be decrypted. This is the most expensive option at $490.
Researchers feel that the developer of the eternity project is repurposing code in the DynamicStealer GitHub repository and also identified links with the threat actor behind the jester stealer malware.
Due to the sudden increase in cybercrime through telegram channel and cybercrime forums, individuals and organizations have to protect themselves by installing reputable software, enabling automatic software updates, regularly backing up data, and keeping backups offline.
