
"Instead of relying on traditional servers or domains for command-and-control, Aeternum stores its instructions on the public Polygon blockchain. This network is widely used by decentralized applications, including Polymarket, the world's largest prediction market. This approach makes Aeternum's C2 infrastructure effectively permanent and resistant to traditional takedown methods."
"A native C++ loader available in both x32 and x64 builds, the malware works by writing commands to be issued to the infected host to smart contracts on the Polygon blockchain. The bots then read those commands by querying public remote procedure call (RPC) endpoints."
"Once a command is confirmed, it cannot be altered or removed by anyone other than the wallet holder, making the infrastructure resilient to disruption attempts and enforcement actions."
Aeternum C2 is a botnet loader that uses a public blockchain, specifically the Polygon network, for its command-and-control infrastructure instead of traditional servers or domains. This makes the C2 channel effectively permanent and resistant to conventional takedown efforts: nobody other than the operator's wallet holder can alter or remove a confirmed command. The malware, a native C++ loader shipped in 32-bit and 64-bit builds, works by having the operator write commands to smart contracts on Polygon; infected hosts then retrieve those commands by querying public RPC endpoints. Threat actor LenAI has advertised the malware on underground forums since December 2025, offering access to a control panel for $200 or the complete codebase for $4,000. Commands issued through the web-based panel become immutable blockchain transactions that can be executed across all compromised devices or aimed at selected endpoints. Because the bots still need network access to public RPC endpoints to read those commands, the read path (rather than the contract itself) is where defenders retain leverage for detection and blocking. Aeternum C2 represents an evolution in botnet resilience, following earlier examples such as Glupteba's use of the Bitcoin blockchain as a backup C2 mechanism.
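To make the read path concrete, the following is an added example (not Aeternum's code and not taken from the article) showing, on the bot side, what a command fetch over a public JSON-RPC endpoint looks like and how a standard Solidity ABI-encoded `string` return value is decoded, and, on the defender side, how the same `eth_call` traffic can be pulled out of proxy logs. The contract address, the 4-byte function selector, the command text and the log lines are all constructed for illustration; the article does not say how Aeternum encodes its commands, so the standard-ABI `string` layout (offset, length, padded bytes) is an assumption.

```python
import json

# Constructed values for the example; not Aeternum's real contract or selector.
EXAMPLE_CONTRACT = "0x" + "ab" * 20
EXAMPLE_SELECTOR = "0x12345678"   # hypothetical 4-byte selector of a view function


def build_eth_call(contract: str, selector_hex: str, block: str = "latest") -> dict:
    """Build the JSON-RPC 2.0 body a bot would POST to a public RPC endpoint.

    eth_call is a read-only query: it costs no gas and leaves no on-chain
    trace, which is why the read side of a blockchain C2 is only visible
    on the network between the bot and the RPC endpoint.
    """
    return {
        "jsonrpc": "2.0",
        "id": 1,
        "method": "eth_call",
        "params": [{"to": contract, "data": selector_hex}, block],
    }


def abi_encode_string(s: str) -> str:
    """Standard Solidity ABI encoding of a dynamic `string` return value."""
    data = s.encode("utf-8")
    padded = data + b"\x00" * ((32 - len(data) % 32) % 32)
    head = (32).to_bytes(32, "big")            # offset of the dynamic part
    length = len(data).to_bytes(32, "big")
    return "0x" + (head + length + padded).hex()


def abi_decode_string(result_hex: str) -> str:
    """Decode an ABI-encoded `string` from an eth_call result, with bounds checks.

    A malformed or truncated result raises instead of returning garbage.
    """
    raw = bytes.fromhex(result_hex[2:] if result_hex.startswith("0x") else result_hex)
    if len(raw) < 64:
        raise ValueError("result too short for an ABI string")
    offset = int.from_bytes(raw[:32], "big")
    if offset + 32 > len(raw):
        raise ValueError("offset points outside result")
    length = int.from_bytes(raw[offset:offset + 32], "big")
    start = offset + 32
    if start + length > len(raw):
        raise ValueError("string length exceeds result")
    return raw[start:start + length].decode("utf-8")


def fetch_command(rpc_response: dict) -> str:
    """Bot-side step: take the JSON-RPC response and recover the command string."""
    if "error" in rpc_response:
        raise RuntimeError(rpc_response["error"])
    return abi_decode_string(rpc_response["result"])


# Constructed proxy log: one JSON object per line with the POST body captured.
SAMPLE_PROXY_LOG = [
    json.dumps({"src": "10.0.0.5", "dst": "rpc.example.net",
                "body": json.dumps(build_eth_call(EXAMPLE_CONTRACT, EXAMPLE_SELECTOR))}),
    json.dumps({"src": "10.0.0.9", "dst": "rpc.example.net",
                "body": json.dumps({"jsonrpc": "2.0", "id": 7, "method": "eth_blockNumber", "params": []})}),
    json.dumps({"src": "10.0.0.7", "dst": "rpc.example.net",
                "body": json.dumps(build_eth_call(EXAMPLE_CONTRACT, EXAMPLE_SELECTOR))}),
]


def extract_eth_call_targets(log_lines) -> dict:
    """Defender-side step: map each contract queried via eth_call to the hosts querying it.

    Hosts that repeatedly eth_call the same contract address, especially ones
    with no business reason to talk to blockchain RPC endpoints, are the
    observable side of this C2 design.
    """
    targets = {}
    for line in log_lines:
        try:
            entry = json.loads(line)
            body = json.loads(entry["body"])
        except (ValueError, KeyError):
            continue
        if body.get("method") != "eth_call" or not body.get("params"):
            continue
        contract = body["params"][0].get("to", "").lower()
        targets.setdefault(contract, set()).add(entry["src"])
    return {c: sorted(h) for c, h in targets.items()}


if __name__ == "__main__":
    # Simulated RPC response carrying a constructed command.
    response = {"jsonrpc": "2.0", "id": 1, "result": abi_encode_string("beacon 300")}
    print("command:", fetch_command(response))
    print("eth_call targets:", extract_eth_call_targets(SAMPLE_PROXY_LOG))
```

Running the block offline prints the decoded constructed command and the two hosts that queried the example contract; the `eth_blockNumber` call is ignored because it does not read contract state.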
Read at The Hacker News