ACCORDING to SecurityWeek, Aeternum Botnet Loader, also known as Aeternum C2, relies on the Polygon blockchain for command-and-control, boosting resilience against takedowns by operating on smart contracts. The malware was first spotted in December 2025 after a threat actor began advertising it as fully on-chain, with commands delivered to bots encrypted via multiple RPC networks and validated before execution.
Qrator Labs notes that operators can update smart contracts and payloads through a web-based panel, while bots retrieve commands by querying public RPC endpoints. The kit includes a scantime AV scanner and, crucially, Polygon’s C&C costs are minimal: “$1 worth of MATIC” is enough for 100 to 150 command transactions, according to Qrator Labs.
The report also highlights that the model could become a turnkey product on underground markets, with other malware developers likely to iterate on blockchain-based C&C approaches.