Eternity Group behind LilithBot malware

October 7, 2022

Zscaler researchers traced a newly discovered sample of LilithBot malware to the Eternity group, which is also behind the MaaS malware-as-a-service model.

“ThreatLabz recently discovered a sample of the multi-function malware LilithBot in our database. Further research revealed that this was associated with the Eternity group (a.k.a. EternityTeam; Eternity Project), a threat group linked to the Russian ‘Jester Group,’ that has been active since at least January 2022. Eternity uses an as-a-service subscription model to distribute different Eternity-branded malware modules in underground forums, including a stealer, miner, botnet, ransomware, worm +dropper and a DDoS bot,” the report, published by Zscaler, states.

LilithBot, an advanced malware, is a versatile threat that can be used as a miner, stealer and clipper. It can steal all information from infected systems, including browsing history, cookies, images and screenshots, and then upload it as a zip file to Command and Control.

It is also a multifunctional malware that is offered via a MaaS model and can be purchased through Tor, where it sells a wide range of malware, including stealers, miners, ransomware and DDoS bots.

Eternity Group is also working to improve the malware by adding new features such as anti-debugging features, anti-VM checks, and a DDoS bot malware that borrows code from the existing GitHub repository to actively expand its malware inventory and deploy advanced detection techniques.

LilithBot is sold to cybercriminals on a subscription basis: The Stealer module costs $260 per year, the Miner module $90 per year, Clipper malware $110, ransomware costs $490 and the Eternity worm $390.

The sources for this piece include an article in TheHackerNews.

Top Stories

Related Articles

June 9, 2026 Hackers exploited Meta’s AI-powered support chatbot to gain control of Instagram accounts, including several high-profile profiles. Meta more...

June 5, 2026 Security researchers have disclosed a new denial-of-service attack called HTTP/2 Bomb that can overwhelm major web servers more...

May 20, 2026 The Cybersecurity and Infrastructure Security Agency, the arm of the U.S. government tasked with protecting critical infrastructure more...

May 11, 2026 Instructure has restored access to its Canvas learning platform after a cyberattack disrupted service for universities and more...

Jim Love

Jim is an author and podcast host with over 40 years in technology.

Share:
Facebook
Twitter
LinkedIn