The threat actor behind the malware-as-a-service (MaaS) known as Eternity Group has been linked to new piece of malware called LilithBot.
"It has advanced capabilities to be used as a miner, stealer, and a clipper along with its persistence mechanisms," Zscaler ThreatLabz researchers Shatak Jain and Aditya Sharma said in a Wednesday report.
"The group has been continuously enhancing the malware, adding improvements such as anti-debug and anti-VM checks."
![Cybersecurity](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiPJqG-_vBdld4mKDQV0jycRh5ED5SLMe5CL08ldq3UMFq3DV9n5S2fO3ebJV0_EvNXJg56IBsf7U3bc_NqbcH2exzd3gz33MP0IOdCULyAKCmNYR6bkxkGGwfC7r1r4Czo4H3hCQjMqyKvKnyD_pBwKhtRSmGAsxN1Yhf3_hkGWqJSCpmANMbmvXryhMUa/s728-e300/intel-d.png)
Eternity Project came on the scene earlier this year, advertising its warez and product updates on a Telegram channel. The services provided include a stealer, miner, clipper, ransomware, USB worm, and a DDoS bot.
LilithBot is the latest addition to this list. Like its counterparts, the multifunctional malware bot is sold on a subscription basis to other cybercriminals in return for a cryptocurrency payment.
Upon a successful compromise, the information gathered through the bot – browser history, cookies, pictures, and screenshots – is compressed into a ZIP archive ("report.zip") and exfiltrated to a remote server.
The development is a sign that the Eternity Project is actively expanding its malware arsenal, not to mention adopting sophisticated techniques to bypass detections.