Cybersecurity researchers have revealed a new botnet loader named Aeternum C2, which leverages a blockchain-based command-and-control (C2) infrastructure to evade traditional takedown methods. According to a report from Qrator Labs, Aeternum stores its operational commands on the public Polygon blockchain, a platform commonly used by decentralized applications.
Innovative C2 Mechanism
This approach allows Aeternum’s C2 infrastructure to be effectively permanent, making it resistant to conventional disruption tactics. Previous instances of botnets utilizing blockchain technology for C2 have been documented, including the Glupteba botnet, which relied on the Bitcoin blockchain.
Malware Distribution and Functionality
Details about Aeternum C2 first surfaced in December 2025 when Outpost24’s KrakenLabs reported that a threat actor named LenAI was promoting the malware on underground forums. For $200, customers could access a control panel and a configured build, while a complete C++ codebase was offered for $4,000. The malware, available in both x32 and x64 builds, operates by writing commands to smart contracts on the Polygon blockchain. Infected devices query public remote procedure call (RPC) endpoints to retrieve these commands.
Operational Features and Costs
The command structure allows operators to manage multiple smart contracts, each potentially serving different malicious functions such as data theft or cryptocurrency mining. According to Qrator Labs, once a command is confirmed on the blockchain, it cannot be altered or removed except by the wallet holder. The operational costs for using this system are minimal; just $1 worth of MATIC, the native token of the Polygon network, can facilitate 100 to 150 command transactions.
Future Developments and Concerns
LenAI has indicated intentions to sell the entire toolkit for $10,000, citing a lack of time for ongoing support. This individual is also associated with another crimeware solution called ErrTraffic, which automates ClickFix attacks. The emergence of Aeternum C2 highlights ongoing trends in malware development, particularly the integration of blockchain technology to enhance resilience against law enforcement and cybersecurity efforts.
This article was produced by NeonPulse.today using human and AI-assisted editorial processes, based on publicly available information. Content may be edited for clarity and style.
