Short visit to the “Eternity Project” dark web malware store, which the administrator has closed

Attack kits, such as "ransomware", are readily available on the dark web. After a brief exchange between French media and the administrator of a dark web store called the "Eternity Project", "ODN" discovered that the store was offline and that the administrator had shut down access to its website.

Cyber attacks can affect anyone, from multinational corporations to individuals, including small and medium-sized businesses and public administrations, but they can also be carried out by almost anyone. While ransomware attacks are mostly carried out by well-organized groups, similar to small and medium-sized criminal organizations, they do not have a monopoly on malicious behavior in the digital world, and some of the ransomware tools they use are increasingly available to any malicious person who wants to hack.

In the past few days, a new dark web store has appeared in the news: the "Eternity Project". This online cybercrime supermarket is of course only accessible on the dark web, and is presented in such a professional manner that it looks like a very ordinary commercial website, offering its customers a wide range of malware, including ransomware, worms and (soon) DDoS attack software, at very low prices. The homepage shows the full range of services available: ransomware, software for stealing credit card data, cryptocurrency mining software …… Clicking on each icon provides more detailed information about the products sold.

As an example, the ransomware attack kit costs $490 per year, equivalent to about 470 francs, paid in cryptocurrency. The site administrator of the "Eternity Project" store offers all the specifications of its software: it can encrypt all files, photos and databases on disks and USB keys, it can even encrypt data offline, and it uses very powerful encryption algorithms. The ransomware also allows you to set an expiration date after which the files will never be decrypted.

Another example is the possibility of purchasing the so-called "Eternity Stealer" for $260 per year. This is malware that can steal passwords, cookies (small text files that collect browsing data), credit card data and cryptocurrency wallet information and send them to Telegram bots. "According to the administrators of the Eternity Project store, the malware can attack more than 20 browsers, including Chrome, Edge and Firefox, as well as password managers, VPN services, FTP clients, gaming software, email and Telegram. Discord, WhatsApp or Signal, and other instant messengers.

Subscribers can also purchase the worm, which spreads from one system to another via USB and cloud drives, infected files and network resources, for $390. The worm sends phishing messages to Telegram and Discord, tricking victims into downloading malware.

Cyble, a U.S. cybersecurity firm, has just published a small study of this cybercrime supermarket. The investigation found that its administrator "also has a Telegram channel with about 500 subscribers, where he provides information about the malware's operation and functionality through detailed videos. the Telegram channel also broadcasts updates about the malware, suggesting that the perpetrators are actively working to improve the software's functionality. "

An online dark web store with detailed explanations and updates as well as professional services. The French press contacted the (anonymous) administrator of the site, who succinctly answered the questions posed by the press.

Q: How did you get access to the attack software?

A: We have many experienced programmers in our team.

Q: How many people have purchased your software?

A: We started the program about a month ago and have had about 120 purchases.

Q: Which one is the best seller?

A: Stealer (data stealing software).

Q: How much money have you made?

A: Secret.

Q: Is your software difficult to use?

A: No, it's easy because we have high quality tutorials and online support. The description of how to use each of our programs is online.

Q: Who are your customers, where are they, and what are their intentions?

A: We don't know, everything is anonymous.

Q: Are you afraid of being prosecuted by the authorities?

A: Our clients are responsible for their own actions.

So far, the Eternity Project is not the only online cybercrime supermarket on the dark web. To prevent these attacks, Cyble recalls basic recommendations: back up regularly and keep these backups offline or on a separate network; enable automatic software updates on all devices; use reputable anti-virus and security software on their connected devices; and avoid opening untrusted links and attachments without verifying their authenticity.

"The Eternity Project's dark web store is located at

http://malwarewrn7fvd7zq243d74dxs3ca4wh5kw6i2opkzeusuoajtd2j5yd.onion

This stupid administrator left personal information on the dark web in his dark web store, and even has his own avatar in his personal Telegram

Github: L1ghtM4n

Personal Telegram: @LightM4n

Another Telegram: @EternityDeveloper

Email: [email protected]

So, after extensive media coverage, the administrator has shut down the dark web store, perhaps due to fear of a police crackdown. "ODN" will continue to follow up on whether it will resume operation in the future.

For more dark web news, please follow "ODN".