
Aeternum Loader: When your C2 lives forever

ID: caccfae7-690b-56fc-8bb6-b943aeb5dab8

STIX ID: report--caccfae7-690b-56fc-8bb6-b943aeb5dab8

Feed Name: Ctrl-Alt-Int3l

Threat Score: 70/100

Date Published: 2026-02-16

Date Updated: 2026-04-19

Author: Ctrl-Alt-Int3l


Aeternum C2 BotNet Loader: CtrlAltIntel examined a malware loader that uses Polygon smart contracts to publish encrypted C2 commands. By accessing an exposed operator panel and reversing the JavaScript and contract implementation, the researchers derived the loader's PBKDF2/AES-GCM encryption scheme, which is keyed from the contract address, and decrypted historical commands across dozens of identical contracts. They also enumerated related contracts and creator addresses (including LenAI) and published 209 decoded commands and IOCs that reveal payload hosting and deployment attempts.
