Researchers are raising awareness of, and concerns about, malware being circulated and sold via the Telegram service.
The researchers initially discovered a TOR website providing details about a toolkit containing different types of malware. The toolkit is known as Eternity Project and is associated with a Telegram channel, where the project’s developers sell annual subscriptions to six different kinds of malware, listed below.
- Eternity Stealer: steals passwords, cookies, credit cards, and crypto-wallets
- Eternity Miner: quietly mines cryptocurrency while staying hidden
- Eternity Clipper: replaces cryptocurrency wallet addresses in clipboard with threat actors’ wallet addresses in order to redirect funds
- Eternity Ransomware: encrypts all files until a ransom is paid or a timer runs out
- Eternity Worm: a virus that spreads by way of USB drives, files, networks, and Discord and Telegram messages
- Eternity DDoS Bot: still under development, but will presumably infect systems to form a botnet suitable for carrying out distributed denial of service (DDoS) attacks.
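The Clipper module above works by silently replacing a wallet address the user has copied with one the attacker controls. The following is an added defensive example, not code from the article or from Cyble: a small detector that takes a stream of clipboard events (assumed to come from a clipboard-change listener that records whether the user performed the copy or whether the clipboard was merely read back on a timer) and flags the case where the clipboard holds a wallet address that differs from the one the user last copied. The address patterns and all sample addresses are constructed for illustration and are simplified (no checksum validation).

```python
import re
from dataclasses import dataclass

# Simplified address patterns (assumed for this example; real validators also
# check checksums). Enough to classify common Bitcoin and Ethereum formats.
ADDRESS_PATTERNS = {
    "btc_legacy": re.compile(r"^[13][a-km-zA-HJ-NP-Z1-9]{25,34}$"),
    "btc_bech32": re.compile(r"^bc1[ac-hj-np-z02-9]{11,71}$"),
    "eth": re.compile(r"^0x[0-9a-fA-F]{40}$"),
}


def address_type(text):
    """Return the matching address family name, or None if text is not an address."""
    text = text.strip()
    for name, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(text):
            return name
    return None


@dataclass
class ClipboardEvent:
    # "user_copy": the user explicitly copied this content.
    # "poll": a periodic read of whatever the clipboard currently holds.
    source: str
    content: str


def detect_clipper(events):
    """Return (expected, observed) pairs where a polled clipboard value is a
    wallet address that differs from the address the user last copied, with no
    intervening user copy. Each swapped value is reported once."""
    alerts = []
    last_user_copy = None
    reported = set()
    for event in events:
        if event.source == "user_copy":
            last_user_copy = event.content.strip()
            continue
        observed = event.content.strip()
        if last_user_copy is None or observed == last_user_copy:
            continue
        # Only alert when both values look like wallet addresses: an address
        # silently turning into a different address is the clipper signature.
        if address_type(last_user_copy) and address_type(observed):
            if observed not in reported:
                reported.add(observed)
                alerts.append((last_user_copy, observed))
    return alerts


# Constructed sample addresses (not real wallets).
USER_BTC = "1BvBMSEYstWetqTFn5Au4m4GFg7xJaNVN2"
SWAPPED_BTC = "1Cn5Xk7hRxP2qTfm9VhWqZsYuKaBdE3fGH"
USER_ETH = "0x742d35Cc6634C0532925a3b844Bc454e4438f44e"
SWAPPED_ETH = "0x" + "deadbeef" * 5

# Constructed event stream: two hijacks, one benign non-address copy.
SAMPLE_EVENTS = [
    ClipboardEvent("user_copy", USER_BTC),
    ClipboardEvent("poll", USER_BTC),       # unchanged, no alert
    ClipboardEvent("poll", SWAPPED_BTC),    # swapped, alert
    ClipboardEvent("poll", SWAPPED_BTC),    # same swap, not repeated
    ClipboardEvent("user_copy", "meeting notes for Monday"),
    ClipboardEvent("poll", "meeting notes for Monday"),
    ClipboardEvent("user_copy", USER_ETH),
    ClipboardEvent("poll", SWAPPED_ETH),    # swapped, alert
]


def run_sample():
    """Run the detector over the constructed event stream."""
    return detect_clipper(SAMPLE_EVENTS)


if __name__ == "__main__":
    for expected, observed in run_sample():
        print(f"clipboard hijack suspected: copied {expected}, found {observed}")
```

In a real deployment the event source would be a clipboard listener that records which process last wrote the clipboard; a change attributed to a process other than the one in the foreground, combined with the address-to-address swap shown here, is a strong indicator of clipper activity.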
After purchasing a subscription, the buyer gets access to the Telegram channel. The Telegram bot asks the buyer to upload an executable file so the malware can mimic a legitimate program. Once the buyer has supplied all the requested information, the Telegram bot generates a custom-tailored build of the selected malware.
The researchers said they have yet to examine all the malware modules in detail, so they cannot yet confirm whether the malware is undetectable. They were, however, able to confirm that malware from the Eternity Project toolkit is circulating in the wild, which is worrying regardless of whether the malware is fully undetectable.
The developers of Eternity Project claim that their main servers are located in Ukraine and have posted threats, warning buyers not to distribute the malware in Ukraine. Developers helping to unleash a full suite of malware on the world are most likely fooling themselves if they think they can keep said malware out of a country actively engaged in cyberwarfare.
This research was conducted by the firm Cyble.