[MART] - Daily Diary #610 - LilithBot Malware Tied to the Eternity Project

ctas-mat at appgate.com
Fri Oct 7 21:36:21 UTC 2022


Hello,

I hope everyone is doing well!

Below is the entry for today.

10/07/2022 - Diary entry #610:

In our Daily Diary #510, we covered a new Malware-as-a-Service operation named Eternity Project that offers a variety of malware as a service for sale and even provides a Telegram channel to share information about the malware's operations and updates.

As we discussed in Daily Diary #510, “Eternity Project poses a threat to end-users and as a malware-as-a-service especially considering how cheap it is to other threat actors. It offers a Credential Stealer, a Clipper (that monitors the victim's clipboard to replace cryptocurrency wallet addresses), a Virus (that spreads through USB drives, network shares, cloud drives, and others), a CryptoMiner, a Ransomware, and a DDoS Bot”.

Most recently, a new multifunctional malware bot dubbed LilithBot was discovered and linked to the Eternity Project MaaS operation. LilithBot registers the victim on its botnet and can act as a miner, clipper, and stealer, uploading stolen data (browser history, cookies, pictures, screenshots, and more) to its C2 over the Tor network. The malware implements anti-VM capabilities and uses a legitimate Microsoft-signed file that is expired/invalid.

Malware-as-a-Service operations are becoming highly profitable for threat actors, both “clients” and “providers”. The cheap prices offered by such services and their increased popularity are raising funds for the threat actors, encouraging them to improve their capabilities and offer better services to their “clients”.

Kind Regards,


MART

Malware Analysis and Research Team
Appgate

E: ctas-mat at appgate.com