Aeternum botnet hides commands in Polygon smart contracts
Pierluigi Paganini
February 27, 2026
Aeternum botnet uses Polygon blockchain smart contracts for C&C, making its infrastructure harder to detect and disrupt.
Qrator Labs researchers uncovered Aeternum, a botnet that runs its command-and-control infrastructure through smart contracts on the Polygon blockchain. By decentralizing its C2, the malware avoids traditional server-based takedowns and becomes far harder to disrupt or shut down, significantly increasing its resilience and persistence in the wild.
“Instead of relying on traditional servers or domains for command and control, Aeternum stores its instructions on the public Polygon blockchain. This network is widely used by decentralized applications, including Polymarket, the world’s largest prediction market.” reads the report published by Qrator Labs. “This approach makes Aeternum’s C2 infrastructure effectively permanent and resistant to traditional takedown methods.”
Aeternum is a C++ botnet loader offered in both 32- and 64-bit versions that uses the Polygon blockchain as its command-and-control backbone. Operators write commands into smart contracts on Polygon. Infected machines poll public RPC endpoints, read the on-chain instructions, and execute them.
Using a web dashboard, operators pick a smart contract, choose what action to send, add a payload URL, and then send the command as a blockchain transaction. Once confirmed, the instruction becomes immutable and accessible to all infected hosts, typically within minutes.
[Image: Aeternum botnet]
Operators can manage multiple contracts at once, each tied to different payloads like stealers, clippers, RATs, or miners. A ping feature also allows tracking of active infections and precise targeting using hardware IDs and HTTP fingerprinting.
Blockchain-based C2 changes the botnet takedown playbook. Traditional botnets rely on domains, IPs, or servers that defenders can seize, suspend, or sinkhole. Aeternum avoids those weak points by storing commands on the Polygon blockchain, where they are replicated across thousands of nodes and reachable via many RPC endpoints. There is no central server to shut down. Past cases like Glupteba used the blockchain as a backup channel; Aeternum makes it the primary one, removing traditional disruption options.
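Infected hosts still have to poll public RPC endpoints, so the polling itself remains visible in egress logs even when the contract cannot be seized. The Python below is an added example, not taken from the article or the Qrator Labs report: it flags host/process pairs that POST to watchlisted RPC hosts at near-constant intervals, grouping across destinations because the commands are reachable via many endpoints. The log format, the `.example` hostnames, the process names and the thresholds are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Assumption: defender-maintained watchlist; these hostnames are placeholders.
RPC_WATCHLIST = {"rpc.polygon.example", "polygon-node.example"}
# Assumption: software that legitimately talks to RPC endpoints in this estate.
ALLOWED_PROCESSES = {"wallet.exe"}

# Constructed proxy log: ISO time, source host, process, HTTP method, destination
SAMPLE_LOG = """\
2026-02-27T10:00:00 ws-014 svchelper.exe POST rpc.polygon.example
2026-02-27T10:01:02 ws-014 svchelper.exe POST polygon-node.example
2026-02-27T10:01:58 ws-014 svchelper.exe POST rpc.polygon.example
2026-02-27T10:03:01 ws-014 svchelper.exe POST polygon-node.example
2026-02-27T10:04:00 ws-014 svchelper.exe POST rpc.polygon.example
2026-02-27T10:00:10 ws-020 wallet.exe POST rpc.polygon.example
2026-02-27T10:01:10 ws-020 wallet.exe POST rpc.polygon.example
2026-02-27T10:00:05 ws-031 browser.exe POST rpc.polygon.example
2026-02-27T10:00:09 ws-031 browser.exe POST rpc.polygon.example
2026-02-27T10:19:40 ws-031 browser.exe POST rpc.polygon.example
2026-02-27T10:45:00 ws-031 browser.exe POST polygon-node.example
"""

def parse(log):
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed lines
        ts, src, proc, method, dest = parts
        yield datetime.fromisoformat(ts), src, proc.lower(), method, dest.lower()

def find_rpc_pollers(log, min_hits=4, max_jitter=0.2):
    """Return {(host, process): mean interval in seconds} for regular RPC polling."""
    hits = defaultdict(list)
    for ts, src, proc, method, dest in parse(log):
        # Group per host/process across ALL watchlisted endpoints: rotating
        # between RPC providers must not split one poller into several.
        if method == "POST" and dest in RPC_WATCHLIST and proc not in ALLOWED_PROCESSES:
            hits[(src, proc)].append(ts)
    findings = {}
    for key, times in hits.items():
        if len(times) < min_hits:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        # Low coefficient of variation = near-constant interval (beacon-like)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            findings[key] = round(avg)
    return findings
```

On the constructed sample only `ws-014` is reported: the wallet process is allowlisted and the browser's requests are too irregular to count as polling.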
Aeternum is sold either as a lifetime package with a ready-to-use panel or as full C++ source code with updates. Operating costs remain minimal: about $1 in MATIC can fund over 100 blockchain command transactions, with no need for servers or domains, just a crypto wallet and the control panel.
The malware also includes anti-VM checks to evade sandbox analysis and a built-in AV scanner to test detection rates before deployment, lowering barriers for running a resilient, stealthy botnet.
“The seller bundles a scantime AV scanner powered by the Kleenscan API, allowing operators to check their builds against 37 antivirus engines before deployment.” continues the report. “The results shown in the seller’s screenshots indicate only 12 out of 37 engines flagging the sample, with major vendors including CrowdStrike, Avast, Avira, and ClamAV all returning “undetected.” These results represent a point-in-time snapshot and detection rates will change as vendors update their signatures.”
Even if Aeternum itself doesn’t gain mass adoption, blockchain-based C2 is now a ready-made underground product. The model is effective and likely to be reused and refined by other malware developers. Botnets built this way could last longer, grow larger, and power large-scale attacks such as DDoS, credential stuffing, click fraud, and proxy services.
“Traditional upstream takedowns become harder when the C2 channel is immutable, and even if the botnet malware is removed from every infected machine, the operator can redeploy using the same smart contracts without rebuilding anything.” concludes the report. “This makes proactive DDoS mitigation more important than ever: if such botnets can’t be taken down at the source, defenders must focus on filtering malicious traffic at the edge.”
[Original source](https://securityaffairs.com/188627/mobile-2/aeternum-botnet-hides-commands-in-polygon-smart-contracts.html)