Cyble researchers detail their discovery of the ‘Eternity Project,’ a new malware-as-a-service offering that includes stealers, clippers, worms, miners, ransomware, and DDoS bots. The group is said to have a Telegram channel (with 500+ subscribers) promoting the malware, complete with detailed videos of the products. Excerpt:

The features of the stealer malware mentioned on the TA's website and Telegram channel are:
- Browsers collection (Passwords, CreditCards, Cookies, AutoFill, Tokens, History, Bookmarks):
  - Browsers: Chrome, Firefox, Edge, Opera, Chromium, Vivaldi, IE, and +20 more.
- Email clients: Thunderbird, Outlook, FoxMail, PostBox, MailBird.
- Messengers: Telegram, Discord, WhatsApp, Signal, Pidgin, RamBox.
- Cold cryptocurrency wallets: Atomic, Binance, Coinomi, Electrum, Exodus, Guarda, Jaxx, Wasabi, Zcash, BitcoinCore, DashCore, DogeCore, LiteCore, MoneroCore.
- Browser cryptocurrency extensions: MetaMask, BinanceChain, Coinbase Wallet, and 30+ more.
- Password managers: KeePass, NordPass, LastPass, BitWarden, 1Password, RoboForm and 10+ more.
- VPN clients: WindscribeVPN, NordVPN, EarthVPN, ProtonVPN, OpenVPN, AzireVPN.
- FTP clients: FileZilla, CoreFTP, WinSCP, Snowflake, CyberDuck.
- Gaming software: Steam session, Twitch, OBS broadcasting keys.
- System credentials: Credman passwords, Vault passwords, Networks passwords.