A new era of cybercrime has dawned with the emergence of the Aeternum botnet, which uses the Polygon blockchain as its decentralized command-and-control infrastructure. This approach makes it far harder for defenders to disrupt or shut down its operations, and poses a significant threat to organizations worldwide.
Aeternum stores its commands on the public blockchain and lets infected machines poll for instructions through public RPC endpoints. Because nothing in that path belongs to the operator, the botnet's C2 (Command and Control) infrastructure is effectively permanent and resistant to traditional takedown methods.
According to a recent report by Qrator Labs, Aeternum is a C++ botnet loader that offers both 32- and 64-bit versions. Its command-and-control backbone is built upon the Polygon blockchain, which is widely used by decentralized applications such as Polymarket, the world's largest prediction market. By leveraging this decentralized network, Aeternum's operators can write commands into smart contracts on Polygon, ensuring that their instructions are immutable and accessible to all infected hosts within minutes of being confirmed.
Operators of the Aeternum botnet use a web dashboard to select a smart contract, choose an action, add a payload URL, and send the command as a blockchain transaction. This approach not only enhances the resilience and persistence of the malware but also makes it significantly harder for defenders to disrupt or shut down its operations.
Traditional botnets rely on centralized servers or domains that can be seized, suspended, or sinkholed by defenders. However, Aeternum's decentralized architecture eliminates these weak points, making it a formidable foe in the world of cybercrime. By utilizing the Polygon blockchain as its C2 backbone, the malware avoids traditional takedown methods and becomes far more resilient.
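Since the C2 channel described above cannot be seized or sinkholed, the practical detection point moves to the infected host's own behaviour: an unexpected process that periodically issues read-only JSON-RPC calls (such as eth_call or eth_getLogs) to a public Polygon RPC endpoint. The script below is an added example, not code from Qrator Labs or from the article; the egress-proxy log format, the constructed log lines, the watched hostnames (polygon-rpc.com and rpc.ankr.com are real public RPC hosts, used here only as an illustrative watchlist), the process allowlist and the polling thresholds are all assumptions to be tuned to your own telemetry.

```python
"""Flag hosts that poll public Polygon JSON-RPC endpoints from unexpected processes.

Added example for defenders; the log schema, endpoint watchlist, process
allowlist and thresholds are assumptions, not values from the article.
"""
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed watchlist of public Polygon RPC hostnames (illustrative, extend from your own data).
WATCHED_RPC_HOSTS = {"polygon-rpc.com", "rpc.ankr.com"}

# Processes that legitimately reach chain RPC endpoints on a workstation (assumed allowlist).
ALLOWED_PROCESSES = {"chrome.exe", "firefox.exe", "msedge.exe"}

# Read-only JSON-RPC methods a client uses to read contract state or event logs.
READ_METHODS = {"eth_call", "eth_getLogs", "eth_blockNumber", "eth_getStorageAt"}

# Three or more calls inside ten minutes from one (host, process, endpoint) counts as polling.
POLL_MIN_CALLS = 3
POLL_WINDOW = timedelta(minutes=10)


def _line(ts, host, proc, dst, method, to="0xCONTRACT_PLACEHOLDER"):
    """Build one constructed proxy log line (JSON) that carries the JSON-RPC request body."""
    body = {"jsonrpc": "2.0", "method": method, "params": [{"to": to}, "latest"], "id": 1}
    return json.dumps({"ts": ts, "host": host, "process": proc, "dst": dst, "body": json.dumps(body)})


# Constructed sample log, not real telemetry.
SAMPLE_LOG = "\n".join([
    # ws-17: unknown binary hitting a public RPC every two minutes (suspicious)
    _line("2024-05-01T10:00:00", "ws-17", "updater_helper.exe", "polygon-rpc.com", "eth_call"),
    _line("2024-05-01T10:02:00", "ws-17", "updater_helper.exe", "polygon-rpc.com", "eth_call"),
    _line("2024-05-01T10:04:00", "ws-17", "updater_helper.exe", "polygon-rpc.com", "eth_call"),
    # ws-03: browser talking to the same endpoint once (benign dapp use)
    _line("2024-05-01T10:01:00", "ws-03", "chrome.exe", "polygon-rpc.com", "eth_call"),
    # ws-09: unknown binary, but only a single call so far
    _line("2024-05-01T10:05:00", "ws-09", "svc_sync.exe", "rpc.ankr.com", "eth_getLogs"),
])


def parse_log(text):
    """Parse JSON log lines and pull the JSON-RPC method out of each request body."""
    records = []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        rec = json.loads(raw)
        try:
            method = json.loads(rec.get("body", "")).get("method")
        except (json.JSONDecodeError, AttributeError):
            method = None  # body missing or not a JSON-RPC object
        records.append({
            "ts": datetime.fromisoformat(rec["ts"]),
            "host": rec["host"],
            "process": rec["process"],
            "dst": rec["dst"],
            "method": method,
        })
    return records


def detect(records):
    """Return alerts as (host, process, dst, reasons) for RPC reads that look like C2 polling."""
    groups = defaultdict(list)
    for r in records:
        if r["dst"] in WATCHED_RPC_HOSTS and r["method"] in READ_METHODS:
            groups[(r["host"], r["process"], r["dst"])].append(r["ts"])

    alerts = []
    for (host, proc, dst), times in groups.items():
        reasons = []
        if proc not in ALLOWED_PROCESSES:
            reasons.append("unexpected_process")
        times.sort()
        # Sliding window: any POLL_MIN_CALLS consecutive calls within POLL_WINDOW is polling.
        for i in range(len(times) - POLL_MIN_CALLS + 1):
            if times[i + POLL_MIN_CALLS - 1] - times[i] <= POLL_WINDOW:
                reasons.append("periodic_polling")
                break
        if reasons:
            alerts.append((host, proc, dst, reasons))
    return alerts


if __name__ == "__main__":
    for alert in detect(parse_log(SAMPLE_LOG)):
        print(alert)
```

Run against the constructed sample, the script raises two alerts: ws-17 for both an unexpected process and periodic polling, and ws-09 for an unexpected process only; the browser on ws-03 is left alone. The two signals are deliberately separate, since a single read from an odd binary is worth triage but the cadence is what distinguishes a beacon from a one-off.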
A significant advantage of Aeternum is its minimal operating cost. According to Qrator Labs, a mere $1 in MATIC can fund over 100 blockchain command transactions, with no need for servers or domains: just a crypto wallet and the control panel. This cost-effective approach makes it an attractive option for operators looking to deploy a resilient and stealthy botnet.
Aeternum also ships with features aimed at evading sandbox analysis and AV (Anti-Virus) scanners. The malware includes anti-VM checks that hinder virtualization-based detection, and a built-in AV scanner lets operators test detection rates before deployment, lowering the barrier to running a successful, stealthy botnet.
The impact of Aeternum cannot be overstated. Even if the malware itself does not gain widespread adoption, its innovative use of decentralized C2 infrastructure makes blockchain-based command and control a ready-made underground product. This model is likely to be reused and refined by other malware developers, making it essential for defenders to stay ahead of emerging threats.
Traditional upstream takedowns become harder when the C2 channel is immutable. Even if the botnet malware is removed from every infected machine, the operator can redeploy using the same smart contracts without rebuilding anything. This makes proactive DDoS (Distributed Denial-of-Service) mitigation more important than ever: if such botnets cannot be taken down at the source, defenders must focus on filtering malicious traffic at the edge.
As a result, Aeternum represents a significant shift in the landscape of cybercrime. Its decentralized architecture and use of blockchain technology make it an incredibly resilient and stealthy malware that will continue to pose a threat to organizations worldwide.