Threat Overview

A threat actor using the handle "Lena" posted on Exploit forum on January 10, 2026 advertising the Aeternum C2 BotNet Loader, a malware framework utilizing blockchain-based command and control infrastructure with encrypted smart contracts on the Polygon network.

• Command Storage: Bot commands stored in encrypted smart contracts on the blockchain, functioning as a database with all commands encrypted
• Command Execution: Bots execute commands only after confirmation from at least three RPC servers, ensuring commands are from the operator with private key control
• Data Persistence: Commands stored forever on blockchain, operator can edit and delete them with private key
• Network Resilience: No one can block or disrupt the botnet network, abuses have nowhere to report
• Command Delivery: Unlike p2p networks, all online bots receive commands within maximum 2-3 minutes
• Supported Formats: .exe, .dll, .ps1, .cmd loader files
• Build Type: C++ native builds for x86 and x64 architectures
• Cost Efficiency: No need for domains or servers, $1 is sufficient for 100-150 command transactions, blockchain gas fees only
• Control Panel: Can run locally on VirtualBox, includes dashboard, contracts management, command configuration (All Bots, HWID Bot, DLL Loader, Ping Bots), RPC checker, and command management with transaction confirmation via Polygon Mainnet