The Aeternum botnet has shifted its command-and-control (C2) operations onto the Polygon blockchain, removing the central servers that security teams have traditionally targeted. Aeternum C2, uncovered by Qrator Research Lab, uses smart contracts hosted on Polygon: infected machines retrieve instructions written to the blockchain rather than contacting hardcoded IPs or domains, and the transactions are publicly recorded and cannot be removed.
According to the seller's documentation and panel screenshots reviewed by Qrator Research Lab, Aeternum is a native C++ loader available in x32 and x64 builds. Operators manage infections through a web dashboard, where they select a smart contract, a command type and a payload URL. Commands reach active bots within two to three minutes, and operators can run multiple contracts simultaneously, linked to different payloads or functions, including clipper modules, information-stealing DLLs, PowerShell or batch scripts, remote access tools and cryptocurrency miners.
Blockchain data is replicated across thousands of nodes, so there is no central infrastructure to seize, and only the wallet holder can issue or modify commands tied to a contract.
Traditional takedowns are harder because on-chain commands are effectively permanent and globally accessible. The risk described as a result is that proactive DDoS mitigation becomes more important than ever if the botnet cannot be taken down at the source. Google’s 2021 disruption of Glupteba is cited as a comparison, with Google saying it reduced infections by 78%.
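With no C2 server to seize, detection moves to the endpoint's own egress traffic. The following is an added example, not code from Qrator's report or the seller's materials: it scans proxy records for non-allowlisted processes that poll a blockchain RPC gateway at a steady interval inside the two-to-three-minute delivery window. The gateway hostnames, process allowlist, log format and thresholds are assumptions, as is the premise that bots read the contract through such gateways.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Assumptions (not from the article): placeholder gateway hostnames and an
# allowlist of processes expected to reach blockchain RPC services.
RPC_HOSTS = {"polygon-rpc.example", "rpc-gateway.example"}
ALLOWED_PROCS = {"chrome.exe", "firefox.exe"}

# Constructed egress-proxy records: epoch_seconds source_host process destination
SAMPLE_LOG = """\
1000 WS-014 updater.exe polygon-rpc.example
1010 WS-022 chrome.exe polygon-rpc.example
1050 WS-022 chrome.exe polygon-rpc.example
1100 WS-031 sync.exe rpc-gateway.example
1120 WS-014 updater.exe polygon-rpc.example
1130 WS-014 updater.exe cdn.example
1241 WS-014 updater.exe polygon-rpc.example
1360 WS-014 updater.exe polygon-rpc.example
1480 WS-014 updater.exe polygon-rpc.example
2000 WS-031 sync.exe rpc-gateway.example
2100 WS-031 sync.exe rpc-gateway.example
5100 WS-031 sync.exe rpc-gateway.example
"""

def find_rpc_pollers(log_text, min_hits=4, max_interval=180, max_jitter=15):
    """Return (host, process, destination, mean_interval_s) for each
    non-allowlisted process that polls an RPC gateway at a steady interval."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[0].isdigit():
            continue  # skip malformed records instead of failing the scan
        ts, host, proc, dest = int(parts[0]), parts[1], parts[2].lower(), parts[3].lower()
        if dest in RPC_HOSTS and proc not in ALLOWED_PROCS:
            seen[(host, proc, dest)].append(ts)
    findings = []
    for (host, proc, dest), stamps in sorted(seen.items()):
        if len(stamps) < min_hits:
            continue
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        # Steady, short gaps suggest automated polling rather than a user session.
        if mean(gaps) <= max_interval and pstdev(gaps) <= max_jitter:
            findings.append((host, proc, dest, round(mean(gaps), 1)))
    return findings

if __name__ == "__main__":
    for finding in find_rpc_pollers(SAMPLE_LOG):
        print(finding)
```

The 180-second ceiling is derived from the stated delivery time and should be tuned against real traffic; wallet software and developer tools will need allowlist entries.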