Aeternum C2 botnet loader using Polygon blockchain C2
Malware Activity
Summary
Hide ▲
Show ▼
Researchers disclosed Aeternum C2, a botnet loader that moves command-and-control onto the Polygon blockchain, making infected hosts harder to disrupt. The malware writes commands to smart contracts and has bots retrieve encrypted commands through public RPC endpoints. That design makes the infrastructure effectively permanent and reduces reliance on conventional servers or domains. Details first surfaced in December 2025, and the tooling includes anti-analysis features that can prolong infections.
Related Happenings
LenAI alliance reshapes ransomware ecosystem operations
Threat Actor Meta
First: 26.02.2026 20:00
Last: 26.02.2026 20:00
Sources 1
How related:
Details of Aeternum C2 first emerged in December 2025, when Outpost24's KrakenLabs revealed that a threat actor by the name of LenAI was advertising the malware on underground forums for $200 that grants customers access to a panel and a configured build.
About this happening:
LenAI is **commercializing Aeternum C2** by selling **panel access** and later the **full toolkit** on **underground forums**, expanding access to a takedown-resistant botnet. The...
LenAI alliance reshapes ransomware ecosystem operations
Threat Actor MetaHow related: Details of Aeternum C2 first emerged in December 2025, when Outpost24's KrakenLabs revealed that a threat actor by the name of LenAI was advertising the malware on underground forums for $200 that grants customers access to a panel and a configured build.
About this happening: LenAI is **commercializing Aeternum C2** by selling **panel access** and later the **full toolkit** on **underground forums**, expanding access to a takedown-resistant botnet. The...
Aeternum C2 Polygon blockchain command-and-control loader
Malware Activity
First: 26.02.2026 18:00
Last: 26.02.2026 18:00
Sources 1
About this happening:
The **Aeternum C2** botnet loader is moving **command-and-control** onto the **Polygon blockchain**, removing the central servers that defenders normally target. That change makes...
Aeternum C2 Polygon blockchain command-and-control loader
Malware ActivityAbout this happening: The **Aeternum C2** botnet loader is moving **command-and-control** onto the **Polygon blockchain**, removing the central servers that defenders normally target. That change makes...
Timeline
-
26.02.2026 20:00 2 articles · 3mo ago
Aeternum C2 disclosed with Polygon blockchain command-and-control
Initial DisclosureResearchers disclosed Aeternum C2 as a botnet loader that stores command-and-control instructions on the public Polygon blockchain instead of traditional servers or domains. The malware first emerged in December 2025 when LenAI advertised it on underground forums with a panel and configured build, and later analysis described a Next.js panel that deploys smart contracts, uses Polygon RPC endpoints to retrieve encrypted commands, and adds anti-analysis checks to prolong infections.
Show sources
- Aeternum C2 Botnet Stores Encrypted Commands on Polygon Blockchain to Evade Takedown — thehackernews.com — 26.02.2026 20:00
- Aeternum C2 Botnet Stores Encrypted Commands on Polygon Blockchain to Evade Takedown — thehackernews.com — 26.02.2026 20:00