CourseMonster

Cybercriminals Turn to Ransomware as a Service

Written by Marbenz Antonio | 15/11/2022 7:23:04 AM

A recent threat analysis says that Malware-as-a-Service is becoming more and more accessible. A cybercriminal threat group calling itself the “Eternity Project” provides services via a Tor website and a Telegram channel. It manages the sale of a variety of malware, such as stealers, clippers, worms, miners, and bot services for distributed denial-of-service attacks.

This worries a lot of security experts. Because of Eternity, even novice cybercriminals can target victims with a customized threat offering. Eternity sells its malware for $90 to $490. As Malware-as-a-Service becomes more advanced, accessing attack tools at low cost is simpler than ever.

Cybercriminals: Malware for Sale on Telegram

According to Cyble, Eternity Project has over 500 followers on its Telegram channel and provides a wide range of malware services. The channel uses explainer videos and offers thorough information about the benefits of the service. Like any company presenting new features, Eternity Project also posts news about malware updates on its Telegram channel.


Source: Cyble

Cybercriminals: Eternity Project Stealer

What kind of damage can the malware from the Eternity Project cause? Eternity Stealer is one example. With this malware, users can steal targets’ passwords, cookies, credit cards, and digital wallets, and then receive the stolen information immediately through the Telegram bot.

According to the group’s Telegram channel, the stealer malware has the following features:

  • Browser data collection (passwords, credit cards, cookies, autofill, tokens, history, bookmarks)
  • Browsers covered include IE, Vivaldi, Chromium, Opera, Edge, Chrome, Firefox, and more.
  • Email clients, including Thunderbird, Outlook, FoxMail, PostBox, and MailBird.

It also provides the means to access password managers, chat apps, and more.

According to the research, customers can build the Eternity Stealer malware directly through the Telegram bot. Once the user chooses a stealer product, options to add features like AntiVM and AntiRepeat appear. The user then chooses a payload file extension from the list, such as .exe, .scr, .com, or .pif. Finally, users can download the resulting payload straight from the Telegram channel.

Other services, including the miner, clipper, ransomware, and worm, provide the same level of convenience and customization. And it all happens via a simple Telegram Q&A bot:


Source: Cyble

Malware-as-a-Service Growth

According to the researchers, there has been a major increase in cybercrime through Telegram channels and forums. Threat groups openly market their goods without being penalized.

These groups’ skill plays a big role in their success. To create malware, they use an agile development approach. They then test their products on a live victim before going back to the lab to fix any issues. They also use cutting-edge marketing strategies and prioritize user interface and experience.

Defending Against Malware Attacks

The threat report’s authors offer some advice for reducing the risk from malware. For instance, it’s important to maintain backups of all key files. Keep these backups offline or on entirely separate networks. Enable automatic software updates, and have security teams keep checking for alerts and updates for mission-critical software.
