One Article Review

Source Fortinet ThreatSignal
Identifier 7340348
Publication date 2022-10-07 15:31:31 (seen: 2022-10-07 23:05:48)
Title LilithBot Sold as Malware-as-a-Service (MaaS)
Text FortiGuard Labs is aware of a report that the LilithBot malware is being sold as Malware-as-a-Service (MaaS) by a group called "Eternity". LilithBot is a multi-functional malware that can act as an infostealer, cryptominer and clipper. The Eternity group is said to sell other malware types such as ransomware.

Why is this Significant?
This is significant as LilithBot is multi-functional and is sold as Malware-as-a-Service. This means that LilithBot provides various buyers the instant ability to control infected machines for malicious purposes.

What is LilithBot?
LilithBot is a malware variant that is being sold by the Eternity group and has built-in functionalities that contain the following:
- Infostealer that collects pictures and information from browsers. It also uploads collected information to its C2 servers.
- Cryptominer that mines Monero (XMR) cryptocurrency.
- Clipper that monitors a user's clipboard and replaces the user's crypto addresses with the attacker's addresses.

What is the Eternity Group?
According to reports, Eternity is a cybercriminal group that sells various malware including LilithBot and ransomware as a combined Malware-as-a-Service on Tor. Bitcoins and various altcoins such as Monero and Ethereum are reportedly accepted as payment for usage.

What is the Status of Protection?
FortiGuard Labs provides the following AV coverage for LilithBot malware:
- MSIL/Agent.AES!tr.spy
- W64/GenKryptik.FQTL!tr
- W32/PossibleThreat
All reported network IOCs are blocked by the WebFiltering client.
Sent Yes
Tags Ransomware Malware


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from a previous one.