In May, threat actors unveiled a multipurpose cybercrime service intended to help both inexperienced and skilled attackers. Eternity Project quickly gained popularity as a Malware-as-a-Service (MaaS).
The threat actor has now developed LilithBot, a multipurpose piece of malware. The Eternity Group is, in turn, linked to the Russian Jester Group. LilithBot is distributed through a dedicated Telegram channel that can be purchased via Tor. The malware has sophisticated persistence mechanisms and can be used as a stealer, clipper, and miner.
Upon entering the system, the malware registers itself and deploys the configuration file through layer-by-layer decryption. It uses a variety of field types, including AES-encrypted GUIDs, license keys, and encoding keys. LilithBot then steals all the data and uploads a ZIP file containing itself to its C2.