Cybersecurity researchers have identified a dangerous new malware subscription service capable of facilitating a wide variety of attacks.
Branded the “Eternity Project”, the modular malware kit contains functionality that enables buyers to steal passwords and credit card information, launch ransomware attacks, infect victims with cryptomining malware and more.
In future, the malware authors also intend to deliver new features, including a utility that helps users launch targeted DDoS attacks.
The Eternity Project kit is being marketed in a Telegram channel with roughly 500 members, which is used by the developers to announce new features and instruct buyers on how to deploy the malware most effectively.
After selecting their desired feature set and paying the corresponding fee in cryptocurrency, buyers can reportedly use the Telegram bot to compile the binary automatically. The ransomware module is the most expensive of all (at $490/year), but channel members can purchase the cryptominer for less than $100/year.
A deep-dive analysis of the infostealer module also highlights the versatility of the malware. According to researchers, this single utility can be used to harvest various data from a diverse range of apps, from web browsers and crypto wallets to VPN clients, messaging apps and more.
Worryingly, the Eternity Project toolkit is supposedly capable of bypassing antivirus and endpoint protection services too, a claim corroborated by VirusTotal tests. Researchers at Cyble, the company responsible for identifying the threat, also say the malware is actively circulating in the wild.
Despite the range of threats posed by Eternity Project malware, Cyble says there are a few ways people can protect themselves. The best-practice advice includes maintaining regular data backups, ensuring software is always up to date and refraining from opening untrusted links and email attachments.