
"The main selling point of the botnet, however, is the use of the Polygon blockchain for C&C communication. As Qrator Labs points out, this makes Aeternum's infrastructure permanent and increases its resilience against takedowns. The Polygon blockchain is used by numerous decentralized applications, including the world's largest prediction market, Polymarket, and its use incurs almost no cost for Aeternum's operators."
"The threat actor claimed that commands were delivered to bots encrypted, via multiple RPC (remote procedure call) networks, and validated before execution, completely removing the need for central infrastructure. The malware was also advertised with anti-VM checks, AV scanning, and support for executing various types of payloads, and was offered at $200 for a lifetime license with panel and build access."
"The operational costs are negligible: $1 worth of MATIC, the native token of the Polygon network, is enough for 100 to 150 command transactions. The operator doesn't need to rent servers, register domain names, or maintain traditional infrastructure, making the botnet economically efficient and difficult to disrupt through conventional means."
Aeternum C2 is a botnet loader discovered in December 2025 that leverages the Polygon blockchain for command-and-control communications. The malware delivers encrypted commands through multiple RPC networks and validates them via smart contracts, eliminating the need for traditional central infrastructure. It features anti-VM checks, antivirus scanning capabilities, and supports various payload types. The threat actor marketed it at $200 for lifetime access or $4,000 for full source code. Bot management occurs through a web-based panel allowing operators to update smart contracts with new commands. The blockchain approach provides permanent infrastructure with negligible operational costs—approximately $1 in MATIC tokens enables 100-150 command transactions, making it highly cost-effective and resilient against traditional takedown methods.
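A defender-side illustration of what the design described above leaves observable: a bot that reads its commands from a Polygon contract has to issue EVM JSON-RPC read calls, and spreading them over multiple RPC networks shows up as one process polling several endpoints. This is an added example, not code from the article or from Qrator Labs; the log schema, host names, process names, allowlist and threshold are constructed assumptions, and it presumes request bodies are visible through TLS inspection or endpoint telemetry.

```python
import json
from collections import defaultdict

# EVM JSON-RPC read methods used to poll contract state (Polygon is EVM-compatible).
POLL_METHODS = {"eth_call", "eth_getLogs", "eth_getStorageAt"}

def _rec(host, process, dest, method):
    """Build one constructed log record (assumed schema: host, process, dest, body)."""
    body = json.dumps({"jsonrpc": "2.0", "id": 1, "method": method, "params": []})
    return json.dumps({"host": host, "process": process, "dest": dest, "body": body})

# Constructed sample data; every host, process and endpoint name is made up.
SAMPLE_LOG = [
    _rec("ws-014", "updater.exe", "rpc-a.example", "eth_call"),
    _rec("ws-014", "updater.exe", "rpc-b.example", "eth_call"),
    _rec("ws-014", "updater.exe", "rpc-c.example", "eth_getLogs"),
    _rec("ws-022", "wallet-app.exe", "rpc-a.example", "eth_call"),
    _rec("ws-022", "wallet-app.exe", "rpc-b.example", "eth_call"),
    _rec("ws-031", "chrome.exe", "rpc-a.example", "eth_blockNumber"),
    json.dumps({"host": "ws-031", "process": "chrome.exe",
                "dest": "api.example", "body": "not json"}),
]

def rpc_methods(body):
    """Return the JSON-RPC 2.0 method names in a request body (single or batch)."""
    try:
        doc = json.loads(body)
    except (TypeError, ValueError):
        return set()  # not JSON at all: ordinary web traffic
    calls = doc if isinstance(doc, list) else [doc]
    return {c["method"] for c in calls if isinstance(c, dict)
            and c.get("jsonrpc") == "2.0" and isinstance(c.get("method"), str)}

def flag_pollers(lines, allowed_processes, min_endpoints=2):
    """Map (host, process) -> RPC endpoints for unapproved processes that read
    contract state through at least min_endpoints distinct destinations."""
    seen = defaultdict(set)
    for line in lines:
        rec = json.loads(line)
        if rec["process"] in allowed_processes:
            continue  # approved wallet or dApp software
        if rpc_methods(rec.get("body")) & POLL_METHODS:
            seen[(rec["host"], rec["process"])].add(rec["dest"])
    return {k: sorted(v) for k, v in seen.items() if len(v) >= min_endpoints}

if __name__ == "__main__":
    for (host, proc), dests in flag_pollers(SAMPLE_LOG, {"wallet-app.exe"}).items():
        print(f"{host} {proc}: contract reads via {len(dests)} RPC endpoints: {dests}")
```

The allowlist carries most of the weight here: legitimate wallets and decentralized applications produce the same traffic, so the output is a triage list rather than a verdict.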
#blockchain-based-malware #botnet-c2-infrastructure #polygon-network-exploitation #cryptocurrency-enabled-threats #malware-as-a-service
Read at SecurityWeek