A Russia-based threat group that set up a malware distribution shop earlier this year is behind a Swiss Army knife-like botnet that comes with a range of other malicious capabilities, from stealing information to mining cryptocurrency.
That’s according to researchers at Zscaler’s ThreatLabz threat intelligence unit. It said the Eternity group – also known as EternityTeam and Eternity Project – is offering the multifunction LilithBot malware through a dedicated Telegram group and a Tor link where cybercriminals can acquire various payloads via subscriptions.
The malware-as-a-service (MaaS) group has been active since at least January, distributing a range of modules under the Eternity brand that – along with the stealer and miner malware – include ransomware, a distributed denial-of-service (DDoS) bot, worm and dropper, and a clipper that spoofs crypto addresses in wallets, the researchers wrote in a report.
Source: The Register