Aeternum Botnet Loader Utilizes Polygon Blockchain for Enhanced Command and Control Resilience
A recently discovered botnet loader, known as Aeternum C2, has been found to utilize the Polygon blockchain for command-and-control (C&C) communication, significantly enhancing its resilience against takedowns.
Key Features and Capabilities
According to the threat actor selling it, Aeternum C2 delivers encrypted commands to bots via multiple remote procedure call (RPC) networks, and each bot validates a command before executing it. Because commands are read from a public blockchain rather than from servers the operator controls, there is no central C&C infrastructure to seize, which makes the botnet harder for authorities to disrupt.
The malware also features anti-VM checks, antivirus (AV) scanning, and support for executing various types of payloads.
Availability and Pricing
Aeternum C2 is offered for sale on the underground market, with prices ranging from $200 for a lifetime license with panel and build access, to $4,000 for the full C++ source code and ongoing updates.
Management and Operation
The botnet’s management is facilitated through a web-based panel, which lets operators update the smart contracts with new commands and payloads. Bots retrieve those commands by querying public RPC endpoints to read the current state of the smart contracts.
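From a defender's side, the observable part of this design is the bot's read traffic to public blockchain RPC endpoints. The following is an added example, not code from the article or from Qrator Labs: it scans structured proxy logs for outbound EVM JSON-RPC read calls (Polygon is EVM-compatible and exposes the same `eth_*` JSON-RPC methods as Ethereum) from hosts that have no business making them. The log format, the host names and the allowlist are constructed for illustration; the article names no RPC endpoints, so the example matches on JSON-RPC method names in the request body rather than on destination hostnames, which also means it needs a proxy that records decrypted POST bodies.

```python
"""Flag outbound EVM JSON-RPC read traffic in structured proxy logs.

Added example, not code from the article or from Qrator Labs. The log
format, the host names and the allowlist below are constructed.
"""
import json
from typing import Dict, Iterable, List, Optional

# Standard EVM JSON-RPC read methods a bot polling a smart contract for
# commands would plausibly use. Polygon's public RPC nodes expose the same
# API as Ethereum, so no chain-specific method names are needed.
EVM_READ_METHODS = {
    "eth_call",          # call a contract view function (e.g. fetch a command blob)
    "eth_getLogs",       # read events emitted by a contract
    "eth_getCode",
    "eth_getStorageAt",
    "eth_blockNumber",
    "eth_chainId",
    "net_version",
}

# Hosts expected to talk to blockchain RPC nodes (constructed: a hypothetical
# internal blockchain-dev jump host). Everything else is worth a look.
ALLOWLISTED_SOURCES = {"10.0.5.20"}


def _log(ts: str, src: str, dst: str, method: str, body_obj: Optional[object]) -> str:
    """Build one constructed proxy log line: JSON with a raw HTTP body field."""
    body = json.dumps(body_obj) if body_obj is not None else ""
    return json.dumps({"ts": ts, "src": src, "dst": dst, "method": method, "body": body})


# Constructed sample traffic; the ".invalid" TLD guarantees these are not real hosts.
PLACEHOLDER_CONTRACT = "0x" + "00" * 20   # placeholder address, not a real contract
SAMPLE_LOGS = [
    _log("2024-06-01T10:00:01Z", "10.0.7.41", "rpc.node-a.invalid", "POST",
         {"jsonrpc": "2.0", "id": 1, "method": "eth_chainId", "params": []}),
    _log("2024-06-01T10:00:02Z", "10.0.7.41", "rpc.node-a.invalid", "POST",
         {"jsonrpc": "2.0", "id": 2, "method": "eth_call",
          "params": [{"to": PLACEHOLDER_CONTRACT, "data": "0x"}, "latest"]}),
    _log("2024-06-01T10:00:03Z", "10.0.5.20", "rpc.node-b.invalid", "POST",   # allowlisted
         {"jsonrpc": "2.0", "id": 3, "method": "eth_blockNumber", "params": []}),
    _log("2024-06-01T10:00:04Z", "10.0.7.42", "api.saas-app.invalid", "POST",  # ordinary API
         {"user": "alice", "action": "login"}),
    _log("2024-06-01T10:00:05Z", "10.0.7.43", "www.news.invalid", "GET", None),
    "this line is not JSON at all",                                            # malformed
    _log("2024-06-01T10:00:06Z", "10.0.7.44", "rpc.node-c.invalid", "POST",   # batch request
         [{"jsonrpc": "2.0", "id": 4, "method": "eth_blockNumber", "params": []},
          {"jsonrpc": "2.0", "id": 5, "method": "eth_getLogs",
           "params": [{"address": PLACEHOLDER_CONTRACT}]}]),
]


def extract_rpc_methods(body: str) -> List[str]:
    """Return the EVM read methods found in an HTTP body, handling both a
    single JSON-RPC request and a JSON-RPC batch (a list of requests)."""
    if not body:
        return []
    try:
        payload = json.loads(body)
    except json.JSONDecodeError:
        return []
    requests = payload if isinstance(payload, list) else [payload]
    found = []
    for req in requests:
        if isinstance(req, dict) and req.get("jsonrpc") == "2.0":
            method = req.get("method")
            if isinstance(method, str) and method in EVM_READ_METHODS:
                found.append(method)
    return found


def detect_evm_rpc(log_lines: Iterable[str], allowlist=ALLOWLISTED_SOURCES) -> List[Dict]:
    """Return one alert per POST from a non-allowlisted host whose body carries
    EVM JSON-RPC read calls. Malformed lines are skipped, not fatal."""
    alerts = []
    for line in log_lines:
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue
        if rec.get("method") != "POST" or rec.get("src") in allowlist:
            continue
        methods = extract_rpc_methods(rec.get("body", ""))
        if methods:
            alerts.append({"ts": rec.get("ts"), "src": rec.get("src"),
                           "dst": rec.get("dst"), "rpc_methods": sorted(set(methods))})
    return alerts


if __name__ == "__main__":
    for alert in detect_evm_rpc(SAMPLE_LOGS):
        print(alert)
```

Treat a hit as a triage signal rather than a conviction: wallet software, browser extensions and legitimate dApps make exactly the same calls, so the allowlist and the follow-up (what process on the host made the request, and whether the contract address being read is known to the organization) are where the real judgement happens.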
Use of Blockchain-Based C&C Channels
The use of blockchain-based C&C channels is not new, as demonstrated by the Glupteba botnet, which was targeted by a takedown effort in December 2021 but remained active due to its use of the Bitcoin blockchain as a backup C&C channel.
This illustrates the resilience that botnets gain from decentralized networks, and the likelihood that other malware developers will adopt similar tactics.
Risks and Implications
Qrator Labs notes that the model of using blockchain-based C&C channels is sound, and it is likely that other malware developers will iterate on this approach.
As a result, it is essential for organizations to be aware of this emerging trend and take steps to protect themselves against the potential threats posed by blockchain-based botnets.
