September 22, 2023

A recently discovered sample of a new malware called LilithBot is linked to the Eternity group. The Eternity group operates a homonymous malware-as-a-service, linked to the Russian Jester Group.

Eternity Project a TOR project was analyzed, that offers for sale a broad range of malware, including stealers, miners, ransomware, and DDoS Bots. Also discovered that its operators also have a Telegram channel with around 500 subscribers. The channel was used to share information about malware listings and updates.

Advertisements

The operators behind the project allow their customers to customize the binary features through the Telegram channel, selling the Stealer module for $260 as an annual subscription, it allows to steal a lot of sensitive information from infected systems, including passwords, cookies, credit cards, and crypto-wallets. Stolen data are exfiltrated via Telegram Bot.

The Eternity operators also sells the clipper malware for $110, it monitors the clipboard for cryptocurrency wallets and replaces them with the wallet address of the attackers. The Eternity Ransomware goes for $490 while the Eternity Worm is available for $390.

A DDoS Bot malware also under development, for borrowing code from the existing GitHub repository. The experts speculate that the Jester Stealer could also be rebranded from this GitHub project which indicates some links between the two Threat Actors.

LilithBot is an advanced malware distributed by the Eternity group via a dedicated Telegram channel and can be purchased via Tor. It is a flexible threat that can be used as a miner, stealer, and clipper.

Advertisements

The threat actors are continuously enhancing the malware by adding new features, including as anti-debugging capabilities and anti-VM checks.

LilithBot can steal all the information from infected systems, then uploads itself as a zip file to Command and Control.it is a multifunctional malware that is also offered through a MaaS model.

This research was documented by researchers from ZScaler

Indicators Of Compromise

  • 0ebe8de305581c9eca37e53a46d033c8 
  • 1cae8559447370016ff20da8f717db53 
  • e793fcd5e44422313ec70599078adbdc
  • 65c0241109562662f4398cff77499b25 
  • 77.73.133.12
  • 45.9.148.203
  • 91.243.59.210
  • 195.2.71.214
Tags:

Leave a Reply

You may have missed

Apple fixes trio of Zeroday Exploits

September 22, 2023

T-Mobile and Data Breach tightly coupled

September 21, 2023

Cisco Acquires Splunk in a blockbuster deal

September 21, 2023

Atlassian BitBucket and Confluence Vulnerabilities

September 21, 2023

Snatch ransomware Dissection

September 21, 2023

Fortinet Fixes Vulnerabilities in FortiOS

September 20, 2023
%d bloggers like this: