March 22, 2024
Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]
Rewterz Threat Advisory – CVE-2021-22573 – Google OAuth Client Library for Java Vulnerability
May 20, 2022
Rewterz Threat Advisory – CVE-2022-20821 – Cisco IOS XR Vulnerability
May 23, 2022
Rewterz Threat Advisory – CVE-2021-22573 – Google OAuth Client Library for Java Vulnerability
May 20, 2022
Rewterz Threat Advisory – CVE-2022-20821 – Cisco IOS XR Vulnerability
May 23, 2022
Severity
Medium
Analysis Summary
Eternal Stealer – a malware family – can access data from systems like Credential Manager, Vault, and Network Passwords. Browsers, password managers, email clients, messengers, and offline cryptowallets are all targets of this malware (cold wallets). Its creator uses Telegram IM (Instant Messaging) service to market their malicious wares.
Recently some researchers examined the ‘Eternity Project,’ a Tor website that sells a wide range of malware, including stealers, miners, ransomware, and DDoS Bots. Its operators also run a Telegram channel with 500 followers, which is used to share information related to malware updates. Through their Telegram channel, they allow their customers to customize the binary characteristics.
Eternity Stealer
The Stealer module is available for $260 per year as a subscription. It steals sensitive data such as passwords, cookies, credit cards, and crypto-wallets from infected systems. Telegram Bot is used to exfiltrate stolen data.
Eternity Miner & Clipper
Customers can configure the Eternity Miner module with their own Monero pool and AntiVM features for $90 as a yearly subscription. For $110, the Eternity operators also offer the clipper malware, which monitors the clipboard for cryptocurrency wallet addresses and substitutes them with the attackers’ wallet addresses.
Eternity Ransomware & Worm
The Eternity Ransomware costs $490, whilst the Eternity Worm costs $390.
According to researchers,
They have seen a considerable growth in cybercrime via Telegram groups and cybercrime forum, where TAs sell their products without any oversight.
Impact
- Sensitive Information Theft
- Credential Theft
- Crypto wallet Theft
Indicators of Compromise
MD5
- 8d52a66459df0ea387d5aab3fc7a2bc9
- c4b46a2d0898e9ba438366f878cd74bd
- 76c5b877fb931ed728df30c002bf8823
- b35aa57c5c963bde7abee2a4e459b146
SHA-256
- eb812b35acaeb8abcb1f895c24ddba8bb32f175308541d8db856f95d02ddcfe2
- 025e74a98cb22aab0eb2dbff69cb5abd4f1d529925d9e456f92f5fd6ff1e11c3
- 55bf0aa9c3d746b8e47635c2eae2acaf77b4e65f3e6cbd8c51f6b657cdca4c91
- 656990efd54d237e25fdb07921db3958c520b0a4af05c9109fe9fe685b9290f7
SHA-1
- 1707b034483eb9f279dfaa3a8862592bddb2ac4e
- f95a0529fbb8aa61cd3dee602fa6555b2c86dd62
- 16a8a21ef1a30849bedc514e42286de7676db5af
- e0817176fa7e1875a5d301b47d9a9a6977c39da5
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.