Eternity Group Hackers Offering New LilithBot Malware as a Service to Cybercriminals


The threat actor behind the malware-as-a-service (MaaS) called Eternity has been linked to new piece of malware called LilithBot.

“It has advanced capabilities to be used as a miner, stealer, and a clipper along with its persistence mechanisms,” Zscaler ThreatLabz researchers Shatak Jain and Aditya Sharma said in a Wednesday report.

“The group has been continuously enhancing the malware, adding improvements such as anti-debug and anti-VM checks.”


Eternity Project came on the scene earlier this year, advertising its warez and product updates on a Telegram channel. The services provided include a stealer, miner, clipper, ransomware, USB worm, and a DDoS bot.


LilithBot is the latest addition to this list. Like its counterparts, the multifunctional malware bot is sold on a subscription basis to other cybercriminals in return for a cryptocurrency payment.


Upon a successful compromise, the information gathered through the bot – browser history, cookies, pictures, and screenshots – is compressed into a ZIP archive (“”) and exfiltrated to a remote server.

The development is a sign that the Eternity Project is actively expanding its malware arsenal, not to mention adopting sophisticated techniques to bypass detections.