October 7, 2022

Zscaler researchers traced a newly discovered sample of LilithBot malware to the Eternity group, which is also behind the MaaS malware-as-a-service model.

“ThreatLabz recently discovered a sample of the multi-function malware LilithBot in our database. Further research revealed that this was associated with the Eternity group (a.k.a. EternityTeam; Eternity Project), a threat group linked to the Russian ‘Jester Group,’ that has been active since at least January 2022. Eternity uses an as-a-service subscription model to distribute different Eternity-branded malware modules in underground forums, including a stealer, miner, botnet, ransomware, worm +dropper and a DDoS bot,” the report, published by Zscaler, states.

LilithBot, an advanced malware, is a versatile threat that can be used as a miner, stealer and clipper. It can steal all information from infected systems, including browsing history, cookies, images and screenshots, and then upload it as a zip file to Command and Control.

It is also a multifunctional malware that is offered via a MaaS model and can be purchased through Tor, where it sells a wide range of malware, including stealers, miners, ransomware and DDoS bots.

Eternity Group is also working to improve the malware by adding new features such as anti-debugging features, anti-VM checks, and a DDoS bot malware that borrows code from the existing GitHub repository to actively expand its malware inventory and deploy advanced detection techniques.

LilithBot is sold to cybercriminals on a subscription basis: The Stealer module costs $260 per year, the Miner module $90 per year, Clipper malware $110, ransomware costs $490 and the Eternity worm $390.

The sources for this piece include an article in TheHackerNews.