Ransomware as a Service turns gangs into a business

MalwareGetting to-as-a-Service just got easier and easier, according to a recent threat report. This cyberthreat group, called the “Eternity Project,” offers services from the Tor website and on their Telegram channel. They sell a variety of malware in an organized manner, including theft, snooping, worm, miner, ransomware, and distributed denial-of-service bots.

This alarms many security professionals. With Eternity, even inexperienced cybercriminals can target victims by displaying a customized threat. Eternity sells the malware for $90 to $490. With the development of Malware as a Service, it’s easier than ever to access low-cost attack tools.

Malware for sale on Telegram

according to sibelThe Eternity Project offers a variety of malware services on its Telegram channel, which has around 500 subscribers. The channel provides detailed information about the features of the service and even uses explainer videos. The Eternity Project’s Telegram channel also shares the news about malware updates, just like any brand offering new features.

Source: Cyble

thief project immortality

What kind of damage can Eternity Project malware do? One example is the immortality thief. This malware allows users to steal passwords, cookies, credit cards and crypto wallets from targets to later receive the stolen data directly on the Telegram bot.

The features of the theft malware mentioned in the group’s Telegram channel include:

• Browsers combination (passwords, credit cards, cookies, autofill, tokens, history, bookmarks)
• Chrome, Firefox, Edge, Opera, Chromium, Vivaldi, IE and other browsers
• Email clients: Thunderbird, Outlook, FoxMail, PostBox, MailBird.

It also provides ways to hack messaging apps, password managers, and more.

According to the report, customers can create Eternity Stealer malware directly on the Telegram bot. Once the user selects a steal product, options to add features such as AntiVM and AntiRepeat appear. Then the user selects the available payload file extension as .exe, .scr, .com or pif. Finally, users can download the leaked payload directly from the Telegram channel.

Other services like miner, slasher, ransomware, and worm offer the same kind of convenience and customization. And it all happens through an easy-to-use Telegram Q&A bot:

Source: Cyble

Malware as a Service Growth

The researchers state that they have seen a significant increase in cybercrime through Telegram channels and forums. Threat groups sell their products in the open without any kind of penalties.

A big part of the success of these groups is Their practical approach. They use an agile development framework to develop malware. Later, they go to the Internet to test their products on the victim, and then go back to the lab to find out the bugs. They also implement advanced marketing techniques and focus on user experience and user interface.

thwart malware attacks

The authors of the threat report suggest some ways to mitigate Malware. For example, it is important to keep backup copies of all important files. These backups should be kept offline or on completely separate networks. Turn on automatic software updates, and have security teams scan frequently for warnings and updates about mission-critical software.

the official CISA Stop Ransomware The site also provides in-depth guidance against malware.

Continue reading