Eternity Project: You can pay $260 for a stealer and $490 for a ransomware

Pierluigi Paganini May 16, 2022

Researchers from threat intelligence firm Cyble analyzed the Eternity Project Tor website which offers any kind of malicious code.

Researchers at cybersecurity firm Cyble analyzed a Tor website named named ‘Eternity Project’ that offers for sale a broad range of malware, including stealers, miners, ransomware, and DDoS Bots.

The experts discovered the marketplace during a routine investigation, they also discovered that its operators also have a Telegram channel with around 500 subscribers. The channel was used to share information about malware listings and updates.

The operators behind the project allow their customers to customize the binary features through the Telegram channel.

Eternity Stealer

The operators sell the Stealer module for $260 as an annual subscription, it allows to steal a lot of sensitive information from infected systems, including passwords, cookies, credit cards, and crypto-wallets. Stolen data are exfiltrated via Telegram Bot.

The Eternity Miner module goes for $90 as an annual subscription, customers can customize it with their own Monero pool and AntiVM features. The Eternity operators also sells the clipper malware for $110, it monitors the clipboard for cryptocurrency wallets and replaces them with the wallet address of the attackers,

The Eternity Ransomware goes for $490 while the Eternity Worm is available for $390.

According to Cyble, the operators behind the Eternity Project are also developing a DDoS Bot malware borrowing code from the existing Github repository. The experts speculate that the Jester Stealer could also be rebranded from this particular Github project which indicates some links between the two Threat Actors.

“Cyble Research Labs has observed a significant increase in cybercrime through Telegram channels and cybercrime forums where TAs sell their products without any regulation. We have encountered the Eternity products being sold on one such Telegram channel and TOR website.” concludes Cyble, which also shared Indicators of Compromise (IoCs) for this threat.

Please vote for Security Affairs as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS
Vote for me in the sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog” and others of your choice.
To nominate, please visit: https://docs.google.com/forms/d/e/1FAIpQLSfxxrxICiMZ9QM9iiPuMQIC-IoM-NpQMOsFZnJXrBQRYJGCOw/viewform

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, malware)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini July 28, 2025

U.S. CISA adds Cisco ISE and PaperCut NG/MF flaws to its Known Exploited Vulnerabilities catalog

Pierluigi Paganini July 28, 2025