Qrator Labs has shared details on Aeternum C2, a recently discovered botnet loader that relies on the Polygon blockchain for command-and-control (C&C), thus improving its resilience against takedowns.
The malware was first spotted in December 2025, after a threat actor started advertising it on underground forums as operating fully on smart contracts.
The threat actor claimed that commands were delivered to bots in encrypted form via multiple RPC (remote procedure call) networks and validated before execution, completely removing the need for central infrastructure.
The malware was also advertised with anti-VM checks, AV scanning, and support for executing various types of payloads, and was offered at $200 for a lifetime license with panel and build access, or at $4,000 for the full C++ source and ongoing updates.
Bot management is available through a web-based panel that provides the operator with the option to update the available smart contracts with new commands and payloads, Qrator Labs notes.
The commands reach the bots within a few moments. To retrieve them, the bots query public RPC endpoints to read the available smart contracts.
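The polling described above can be surfaced in egress proxy logs. The following defender-side sketch is an added example, not taken from Qrator Labs' report or from the malware: it flags a non-allowlisted process that reads the same contract through more than one RPC host. It assumes a TLS-inspecting proxy that records the client process and request body; the field names, hostnames, process names and contract addresses are constructed.

```python
import json
from collections import defaultdict

# Read-only JSON-RPC methods an EVM client uses to fetch contract state.
READ_METHODS = {"eth_call", "eth_getLogs", "eth_getStorageAt"}
ALLOWED_PROCESSES = {"chrome.exe", "firefox.exe"}  # assumption: expected RPC users

def _rec(host, process, dest, body):
    return json.dumps({"host": host, "process": process, "dest": dest, "body": body})
def _call(to):
    return json.dumps({"jsonrpc": "2.0", "id": 1, "method": "eth_call",
                       "params": [{"to": to, "data": "0x00"}, "latest"]})
# Constructed sample records; hosts, processes and addresses are made up.
ADDR_A, ADDR_B, ADDR_C = "0x" + "Aa" * 20, "0x" + "bb" * 20, "0x" + "cc" * 20
SAMPLE_LOG = [
    _rec("WS-014", "updater.exe", "rpc-a.example", _call(ADDR_A)),
    _rec("WS-014", "updater.exe", "rpc-b.example", _call(ADDR_A.lower())),
    _rec("WS-022", "chrome.exe", "rpc-a.example", _call(ADDR_B)),
    _rec("WS-022", "chrome.exe", "rpc-b.example", _call(ADDR_B)),
    _rec("WS-031", "sync.exe", "rpc-a.example", _call(ADDR_C)),
    _rec("WS-031", "sync.exe", "rpc-b.example", '{"method":"eth_blockNumber","params":[]}'),
    _rec("WS-040", "svc.exe", "rpc-a.example", "not json"),
]

def contract_of(rpc):
    """Return the lower-cased contract address a read request targets, or None."""
    if rpc.get("method") not in READ_METHODS:
        return None
    params = rpc.get("params")
    first = params[0] if isinstance(params, list) and params else None
    if isinstance(first, dict):  # eth_call uses "to", eth_getLogs uses "address"
        first = first.get("to") or first.get("address")
    return first.lower() if isinstance(first, str) else None

def find_suspects(lines, min_endpoints=2):
    """Flag (host, process, contract) tuples read via >= min_endpoints RPC hosts."""
    seen = defaultdict(set)
    for line in lines:
        rec = json.loads(line)
        if rec["process"].lower() in ALLOWED_PROCESSES:
            continue
        try:
            rpc = json.loads(rec["body"])
        except ValueError:  # request body is not JSON-RPC
            continue
        addr = contract_of(rpc) if isinstance(rpc, dict) else None
        if addr:
            seen[(rec["host"], rec["process"], addr)].add(rec["dest"])
    return sorted(k for k, dests in seen.items() if len(dests) >= min_endpoints)
```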
Aeternum also packs a scantime AV scanner, which allows the operators to verify their builds against 37 antivirus engines via the Kleenscan API, Qrator Labs explains.
The main selling point of the botnet, however, is the use of the Polygon blockchain for C&C communication. As Qrator Labs points out, this makes Aeternum’s infrastructure permanent and increases its resilience against takedowns.
The Polygon blockchain is used by numerous decentralized applications, including the world’s largest prediction market, Polymarket, and its use incurs almost no cost for Aeternum’s operators.
“The operational costs are negligible: $1 worth of MATIC, the native token of the Polygon network, is enough for 100 to 150 command transactions. The operator doesn’t need to rent servers, register domains, or maintain any infrastructure beyond a crypto wallet and a local copy of the panel,” Qrator Labs notes.
The Glupteba botnet, which was the target of a takedown effort in December 2021 but remained active and resurged due to its use of the Bitcoin blockchain as a backup C&C channel, illustrates the risks associated with botnets’ use of decentralized networks.
“Whether or not Aeternum itself becomes widely adopted, blockchain-based command and control is now a turnkey product on the underground market. The model is sound, and other malware developers will iterate on it,” Qrator Labs notes.

