{
	"id": "bed50ac5-debc-49e7-b464-9451c0e5ac8b",
	"created_at": "2026-04-06T00:17:45.124314Z",
	"updated_at": "2026-04-10T13:12:55.841833Z",
	"deleted_at": null,
	"sha1_hash": "ce150efae4f3ad6304e3b7adec363c2e95d742b6",
	"title": "Eternity malware kit offers stealer, miner, worm, ransomware tools",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 4378538,
	"plain_text": "Eternity malware kit offers stealer, miner, worm, ransomware tools\r\nBy Bill Toulas\r\nPublished: 2022-05-12 · Archived: 2026-04-05 21:14:36 UTC\r\nThreat actors have launched the 'Eternity Project,' a new malware-as-a-service where threat actors can purchase a malware toolkit that can be customized with different modules depending on the attack being conducted.\r\nThe malware toolkit is modular and can include an info-stealer, a coin miner, a clipper, a ransomware program, a worm spreader, and soon, also a DDoS (distributed denial of service) bot, each purchased separately.\r\nThe Eternity Project site (Cyble)\r\nAll of the above are promoted on a dedicated Telegram channel that counts over 500 members, where the authors post release notes for updates, usage instructions, and discuss feature suggestions.\r\nThose who have bought the malware kit can utilize the Telegram Bot to build the binary automatically after selecting which features they want to activate and paying for them with crypto.\r\nPurchasing malware modules for auto-build (Cyble)\r\nTools in detail\r\nStarting with the info-stealer, which is sold for $260/year, this tool snatches passwords, credit cards, bookmarks, tokens, cookies, and autofill data stored in over twenty web browsers.\r\nAdditionally, it can steal information from cryptocurrency extensions or even cold wallets, and it also targets ten password managers, VPN clients, messengers, and gaming clients.\r\nThe miner module costs $90/year and features task manager hiding, auto-restart when killed, and startup launch persistence.\r\nThe clipper is sold for $110 and is a utility that monitors the clipboard for cryptocurrency wallet addresses to replace them with wallets under the operator's control.\r\nThe developer sells the Eternity Worm for a whopping $390, giving the malware the capability to spread on its own via USB drivers, local network shares, local files, cloud drives, Python projects (through the interpreter), Discord accounts, and Telegram accounts.\r\nExample of the malware spreading via a Discord account (Cyble)\r\nFinally, Eternity ransomware, the most expensive module, is $490. It supports offline encryption using a combination of AES and RSA and targets documents, photos, and databases.\r\nThe authors claim it's FUD (fully undetectable), a claim that is supposedly backed by VirusTotal results where the strain returns zero detections.\r\nInterestingly, the ransomware module offers an option to set a timer that renders the files completely unrecoverable when it expires. This puts additional pressure on the victim to pay the ransom quickly.\r\nRansomware timer threatening to corrupt files (Cyble)\r\nReal or scam?\r\nAnalysts at Cyble who discovered the Eternity Project told Bleeping Computer that while they didn't have the chance to examine all of the modules yet, they have seen samples of the malware circulating and used in the wild, and all user comments on Telegram point to this being a real threat.\r\nBy looking into the stealer module, Cyble analysts found several similarities to the Jester Stealer, both probably derived from a GitHub project named DynamicStealer.\r\nAs such, the \"Eternity Stealer\" is most likely a copy of that code, followed by modifications and rebranding to sell it on Telegram for profit.\r\nEven if this is \"skidware\", the additional modules, customer support, automated building, and detailed instructions on how to use the malware make it a potent weapon in the hands of unskilled hackers and a severe threat to internet users.\r\nSource: https://www.bleepingcomputer.com/news/security/eternity-malware-kit-offers-stealer-miner-worm-ransomware-tools/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/eternity-malware-kit-offers-stealer-miner-worm-ransomware-tools/"
	],
	"report_names": [
		"eternity-malware-kit-offers-stealer-miner-worm-ransomware-tools"
	],
	"threat_actors": [],
	"ts_created_at": 1775434665,
	"ts_updated_at": 1775826775,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/ce150efae4f3ad6304e3b7adec363c2e95d742b6.pdf",
		"text": "https://archive.orkl.eu/ce150efae4f3ad6304e3b7adec363c2e95d742b6.txt",
		"img": "https://archive.orkl.eu/ce150efae4f3ad6304e3b7adec363c2e95d742b6.jpg"
	}
}