Heimdal
article featured image

Contents:

A recently discovered malware called LilithBot is linked to the Eternity group, Zscaler researchers claim.

Earlier this year, Eternity Project came up on a Telegram channel advertising a toolkit which included a stealer, miner, clipper, ransomwareworm spreader, and a DDoS bot.

The threat actor behind the Eternity malware-as-a-service (MaaS) has expanded its arsenal and now there is another threat to put Internet users at risk.

Source

The Latest Addition, LilithBot

Among the other “services” provided, the list now also contains LilithBot. The multifunctional malware bot is sold on a yearly subscription basis to other cybercriminals in exchange for cryptocurrency payment.

The group has been continuously enhancing the malware, adding improvements such as anti-debug and anti-VM checks.

Source

According to Zscaler, once the threat actor registers the user on its botnet, all the gathered information, such as browser history, cookies, pictures, and screenshots, is compresses into a ZIP archive (“report.zip”) and exfiltrated to a remote server using the Tor network. Also, the malware seems to be using fake certificates to bypass detections.

Telegram as a Marketplace for Cybercriminals

With a Telegram channel with around 500 subscribers, the Eternity Project appears to be actively expanding. The channel provides cybercriminals with updates and instructions, as well as customer support. Furthermore, the group has been linked to the Russian “Jester Group,” which has been active since at least January 2022.

As BleepingComputer explained, a loose approach to moderating content and a free cross-platform instant messaging service, turn Telegram into the perfect place for hackers to run their business without having to resort to the dark web markets. The considerable number of users also means a wider audience of interested buyers for the stolen data.

If you liked this article, follow us on LinkedInTwitterFacebook, YouTube, and Instagram for more cybersecurity news and topics.

Author Profile

Mihaela Popa

COMMUNICATIONS & PR OFFICER

Mihaela is a digital content creator for Heimdal® and the proud owner of an old soul and a curious mind. Passionate to learn and discover more about cybersecurity, she will gladly share her latest finds with you.

CHECK OUR SUITE OF 11 CYBERSECURITY SOLUTIONS

SEE MORE