thehackernews.com 2/26/2026, 7:38:05 PM · via preferred

Aeternum C2 Botnet Uses Polygon Blockchain to Resist Takedowns

CyberSIXT Evidence Panel
Primary Source: ctrlaltintel.com
Threat Actor: LenAI

Aeternum C2 is a botnet loader that stores its commands on the public Polygon blockchain to resist takedowns. Researchers note that commands are written to the blockchain as transactions and later read by infected hosts polling RPC endpoints. According to Qrator Labs, the panel lets operators deploy smart contracts to Polygon, choose a command type, and supply a payload URL, after which the encrypted command is returned to the malware for execution.
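Because the command channel described above depends on hosts polling RPC endpoints, steady-interval JSON-RPC reads from unexpected processes are a useful hunting signal. The sketch below is an added example, not code from the article or the cited researchers; the log schema, process allowlist, hostnames, and thresholds are all assumptions, and it presumes telemetry (a TLS-inspecting proxy or EDR sensor) that records the JSON-RPC method.

```python
import json
from collections import defaultdict
from statistics import mean, pstdev

# Read-only Ethereum JSON-RPC methods (Polygon is EVM-compatible) that a
# client would use to fetch data stored on-chain.
READ_METHODS = {"eth_call", "eth_getLogs", "eth_getTransactionByHash"}
# Assumption: processes expected to talk to blockchain RPC in this environment.
ALLOWED_PROCS = {"chrome.exe", "firefox.exe"}

def _events(host, proc, stamps):
    # Helper that builds constructed telemetry lines (one JSON object each).
    return [json.dumps({"ts": t, "host": host, "proc": proc,
                        "dest": "polygon-rpc.example", "method": "eth_call"})
            for t in stamps]

# Constructed sample data, not taken from the article or any real incident.
SAMPLE_LINES = (
    _events("ws-014", "updater.exe", [0, 60, 121, 180, 241, 300, 359, 420])
    + _events("ws-020", "chrome.exe", [5, 65, 125, 185, 245, 305])
    + _events("ws-031", "node.exe", [10, 15, 315, 327, 1227, 1267])
)

def find_rpc_pollers(lines, min_hits=5, max_jitter=0.2):
    """Return (host, process, dest) groups that poll RPC at a steady interval."""
    seen = defaultdict(list)
    for line in lines:
        ev = json.loads(line)
        if ev["method"] in READ_METHODS and ev["proc"] not in ALLOWED_PROCS:
            seen[(ev["host"], ev["proc"], ev["dest"])].append(ev["ts"])
    findings = []
    for (host, proc, dest), stamps in seen.items():
        if len(stamps) < min_hits:
            continue
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        # Coefficient of variation: low values mean machine-like regularity.
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            findings.append({"host": host, "proc": proc, "dest": dest,
                             "hits": len(stamps), "interval_s": round(avg)})
    return findings

if __name__ == "__main__":
    for f in find_rpc_pollers(SAMPLE_LINES):
        print(f)
```

A hit is a lead for triage rather than a verdict: legitimate wallets, indexers, and developer tooling also poll RPC endpoints, so the allowlist and jitter threshold need tuning per environment.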

The system integrates anti‑analysis features, including virtualization checks, and provides customers with a tool to verify builds with Kleenscan to avoid antivirus flags. Operational costs are described as negligible, with $1 worth of MATIC enough for 100 to 150 command transactions. Details about Aeternum first emerged in December 2025, when KrakenLabs of Outpost24 said a threat actor named LenAI advertised access to a panel and a configured build for $200, and promised the full C++ codebase for $4,000.


Article by CyberSIXT