As detailed in The Hacker News, a novel botnet loader named Aeternum C2 has emerged, employing a blockchain-based command-and-control (C2) infrastructure to enhance its resilience against takedown attempts. This approach utilizes the public Polygon blockchain to store and disseminate instructions to infected devices.

Aeternum C2, developed in C++, operates by writing commands into smart contracts on the Polygon blockchain. Infected bots then retrieve these commands by querying public remote procedure call (RPC) endpoints. Threat actors can manage this infrastructure through a web-based panel, selecting commands, payloads, and target endpoints. The malware also incorporates anti-analysis features, including checks for virtualized environments, and allows users to scan builds to evade antivirus detection.

The operational costs are minimal, with approximately $1 worth of MATIC enabling 100 to 150 command transactions. The threat actor, known as LenAI, initially advertised the malware for $200 and later attempted to sell the entire toolkit for $10,000.

Source: The Hacker News
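Because the bots fetch commands from public RPC endpoints, egress telemetry is one place a defender can look for them. The sketch below is an added example, not code from the article or from any vendor: it flags hosts where a non-allowlisted process polls a Polygon RPC hostname at near-regular intervals. The log fields, the hostname watchlist, the process allowlist and the thresholds are all assumptions to be replaced with your own.

```python
import json
from collections import defaultdict
from statistics import mean, pstdev

# Assumption: public Polygon RPC hostnames to watch; replace with your own list.
POLYGON_RPC_HOSTS = {"polygon-rpc.com", "rpc.ankr.com"}
# Assumption: processes expected to talk to blockchain RPC in this environment.
ALLOWED_PROCESSES = {"chrome.exe", "firefox.exe"}

def find_rpc_pollers(log_lines, min_requests=4, max_jitter=0.2):
    """Return sorted (src, process) pairs that poll a Polygon RPC host at
    near-regular intervals from a process that is not on the allowlist."""
    seen = defaultdict(list)
    for line in log_lines:
        try:
            ev = json.loads(line)
            key = (ev["src"], ev["process"].lower())
            host, ts = ev["dest_host"].lower(), float(ev["ts"])
        except (ValueError, KeyError, AttributeError, TypeError):
            continue  # skip malformed or incomplete records
        if host in POLYGON_RPC_HOSTS and key[1] not in ALLOWED_PROCESSES:
            seen[key].append(ts)
    flagged = []
    for key, stamps in seen.items():
        if len(stamps) < min_requests:
            continue
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        # Low relative spread of the gaps means timer-driven polling.
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            flagged.append(key)
    return sorted(flagged)

def _ev(src, process, host, ts):
    return json.dumps({"src": src, "process": process, "dest_host": host, "ts": ts})

# Constructed sample records (hypothetical hosts and process names).
SAMPLE_LOG = (
    [_ev("ws-017", "updater.exe", "polygon-rpc.com", t) for t in (0, 60, 121, 180, 241)]
    + [_ev("ws-022", "chrome.exe", "polygon-rpc.com", t) for t in (0, 30, 60, 90)]
    + [_ev("ws-031", "svc.exe", "polygon-rpc.com", t) for t in (0, 5, 400, 410)]
    + ["not json"]
)

if __name__ == "__main__":
    print(find_rpc_pollers(SAMPLE_LOG))
```

A hit is a lead for triage, not a verdict: legitimate wallets and developer tools also call these endpoints, which is why the allowlist and jitter threshold need tuning per environment.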
Malware, Security Operations, Threat Intelligence
Aeternum C2 botnet leverages blockchain for resilient command and control




