New Aeternum C2 Botnet Evades Takedowns via Polygon Blockchain

Qrator Research Lab has identified Aeternum C2, a botnet that uses the Polygon blockchain for commands, making it nearly impossible to shut down.

For a long time, stopping a network of hijacked computers, known as a botnet, was fairly straightforward. Police would find the main control server sending out the orders and either shut it down or sinkhole the traffic to a safe place. However, a discovery by Qrator Research Lab shows that cybercriminals have found a way to bypass this off switch entirely.

Their research identifies a new botnet called Aeternum C2, which doesn’t rely on a central server that can be seized. Instead, the people running it publish their instructions to the Polygon blockchain. A blockchain is a digital ledger spread across thousands of computers worldwide. Because the data is copied everywhere at once, there is no single target for authorities to hit.

How the System Controls Infected PCs

Qrator’s research reveals that Aeternum is a loader written in C++, and it works on almost any Windows computer. Rather than asking a single website for orders, the infected computers check the Polygon network for smart contracts, which are basically digital sets of instructions that are permanent.

The botnet operator uses a simple web dashboard to send these commands, and every command flows through the blockchain from the start. This means there is no primary infrastructure for police to target, researchers explained in the blog post shared with Hackread.com.

Aeternum C2 dashboard and 13 active smart contracts on the contract management pane (Credit: Qrator)

They also noted that this system is very fast; most infected devices get their new orders in just two to three minutes. The person in charge can send different types of attacks, like clippers to steal digital money or miners to use your computer’s power for their own gain.
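A defender-side way to hunt for this polling pattern in proxy or endpoint network logs, added here as an example and not taken from Qrator's report or the original article: it flags processes outside an allowlist that contact a Polygon JSON-RPC host at evenly spaced intervals. The log format, host and process names, RPC hostname list and thresholds are all assumptions.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Assumption: Polygon JSON-RPC hostnames to watch; extend for your environment.
POLYGON_RPC_HOSTS = {"polygon-rpc.com"}
# Assumption: processes expected to reach blockchain RPC (e.g. browser wallets).
ALLOWED_PROCESSES = {"chrome.exe", "firefox.exe"}

# Constructed sample log: "timestamp host process destination" (all values invented).
SAMPLE_LOG = """\
2025-01-10T09:00:05 WS-014 svcupd.exe polygon-rpc.com
2025-01-10T09:02:04 WS-014 svcupd.exe polygon-rpc.com
2025-01-10T09:04:06 WS-014 svcupd.exe polygon-rpc.com
2025-01-10T09:06:05 WS-014 svcupd.exe polygon-rpc.com
2025-01-10T09:08:04 WS-014 svcupd.exe polygon-rpc.com
2025-01-10T09:00:10 WS-022 chrome.exe polygon-rpc.com
2025-01-10T09:02:10 WS-022 chrome.exe polygon-rpc.com
2025-01-10T09:04:10 WS-022 chrome.exe polygon-rpc.com
2025-01-10T09:06:10 WS-022 chrome.exe polygon-rpc.com
2025-01-10T09:01:00 WS-031 notes.exe polygon-rpc.com
2025-01-10T09:00:00 WS-040 tool.exe polygon-rpc.com
2025-01-10T09:01:00 WS-040 tool.exe polygon-rpc.com
2025-01-10T09:20:00 WS-040 tool.exe polygon-rpc.com
2025-01-10T10:30:00 WS-040 tool.exe polygon-rpc.com
"""

def flag_rpc_pollers(log, min_hits=4, max_cv=0.2):
    """Return {(host, process): mean gap in seconds} for evenly spaced pollers."""
    seen = defaultdict(list)
    for line in log.strip().splitlines():
        ts, host, proc, dest = line.split()
        if dest.lower() in POLYGON_RPC_HOSTS and proc.lower() not in ALLOWED_PROCESSES:
            seen[(host, proc.lower())].append(datetime.fromisoformat(ts))
    flagged = {}
    for key, stamps in seen.items():
        if len(stamps) < min_hits:
            continue  # too few contacts to judge regularity
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        # Low coefficient of variation = machine-like, evenly spaced polling.
        if avg > 0 and pstdev(gaps) / avg <= max_cv:
            flagged[key] = round(avg)
    return flagged

if __name__ == "__main__":
    for (host, proc), gap in flag_rpc_pollers(SAMPLE_LOG).items():
        print(f"{host} {proc}: polls Polygon RPC about every {gap}s")
```

Hits are leads for triage, since legitimate wallet or developer tooling can also poll an RPC endpoint on a timer.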

Why This is a Problem for Everyone

In the past, major networks like Glupteba were disrupted because they only used the blockchain as a backup. However, Qrator researchers noted that Aeternum is much harder to stop because it uses the blockchain as its only home. There are no servers for the police to take and no website names to block.

Further probing revealed that this is also incredibly cheap for criminals. It costs only about $1 worth of MATIC (the digital currency used on the Polygon network) to send over 100 commands to thousands of computers. The software also uses anti-VM tricks, which help it sense if a security expert is trying to study it in a lab. If it feels it is being watched, it simply won’t run.

What’s most worrying is that this new model allows botnets to live longer and grow larger, making them perfect for massive DDoS attacks. Even if you wipe the virus from a computer, the hacker can simply reuse the same blockchain instructions to start over. This makes it more important than ever to focus on filtering out bad traffic before it even reaches your network.

Deeba is a veteran cybersecurity reporter at Hackread.com with over a decade of experience covering cybercrime, vulnerabilities, and security events. Her expertise and in-depth analysis make her a key contributor to the platform’s trusted coverage.