Cyble researchers detail their discovery of the ‘Eternity Project,’ a new malware-as-a-service offering that includes stealers, clippers, worms, miners, ransomware, and DDoS Bots. The group is said to have a Telegram channel (with 500+ subscribers) promoting the malware, complete with detailed videos of the products. Excerpt:
The features of the stealer malware mentioned on the TAs website and Telegram channel are:
- Browsers collection (Passwords, CreditCards, Cookies, AutoFill, Tokens, History, Bookmarks):
- Browsers: Chrome, Firefox, Edge, Opera, Chromium, Vivaldi, IE, and +20 more.
- Email clients: Thunderbird, Outlook, FoxMail, PostBox, MailBird.
- Messengers: Telegram, Discord, WhatsApp, Signal, Pidgin, RamBox.
- Cold cryptocurrency wallets: Atomic, Binance, Coinomi, Electrum, Exodus, Guarda, Jaxx, Wasabi, Zcash, BitcoinCore, DashCore, DogeCore, LiteCore, MoneroCore.
- Browser cryptocurrency extensions: MetaMask, BinanceChain, Coinbase Wallet, and 30+ more.
- Password managers: KeePass, NordPass, LastPass, BitWarden, 1Password, RoboForm and 10+ more.
- VPN clients: WindscribeVPN, NordVPN, EarthVPN, ProtonVPN, OpenVPN, AzireVPN.
- FTP clients: FileZilla, CoreFTP, WinSCP, Snowflake, CyberDuck.
- Gaming software: Steam session, Twitch, OBS broadcasting keys.
- System credentials: Credman passwords, Vault passwords, Networks passwords).
Remember me? Seriously, when your browser asks you to allow it to remember your credentials, your answer should always be ‘No or Never.’ Unfortunately, browser manufacturers have duped users into a sense of security by allowing them to remember sensitive information including passwords, credit cards, addresses, etc. without regard to the risk they are taking.
Web browsers and other tools not purpose built for identity and password management are akin to using an umbrella in a hurricane. It\’s incumbent upon all of us to use military grade protection in the cyberwar we all face every time we touch a screen or keyboard. The days of being cyber complacent are over. Find and use a good password manager. Pay for the premium versions which costs less than a cup of coffee and a bagel for a one-year subscription.
Above all else, use multiple layers of defense. Like it or not, we\’re at war when it comes to protecting our private information. Assume and recognize your credentials have already been compromised and take proactive measures immediately to defend yourself and those around you. Protective gear and defensive weapons are not optional in this day and age.