Tsundere Botnet Expands Using Game Lures and Ethereum-Based C2 on Windows
23.11.2025
4262
Tsundere botnet spreads via MSI and PowerShell installers, using Ethereum-based command and control (C2) rotation and game-themed lures to infect Windows systems.
Tsundere Botnet Expands Using Game Lures and Ethereum-Based C2 on Windows
The Tsundere botnet is spreading aggressively through MSI and PowerShell installers, using Ethereum-based command and control (C2) rotation and game-themed lures to infect Windows systems.
This sophisticated malware operation leverages blockchain technology for C2 resilience, making traditional takedowns nearly impossible. The botnet's name 'Tsundere' reflects its deceptive nature—appearing harmless while executing malicious activities.
Attack vectors include fake game installers and mods targeting popular titles, distributed through malicious websites and forums. Once executed, the malware establishes persistence and communicates with C2 servers via Ethereum smart contracts, enabling dynamic server rotation.
- • Spreads via MSI and PowerShell installers
- • Uses Ethereum blockchain for C2 communication
- • Employs game-themed lures for social engineering
- • Targets Windows users specifically
- • Features information stealing capabilities
- • Built with Node.js infrastructure
- • Implements command and control rotation
Security researchers highlight the innovative use of blockchain technology in malware operations, marking a significant evolution in botnet infrastructure. The Ethereum-based C2 system provides decentralized, resilient communication channels that are difficult to disrupt through conventional means.
The malware demonstrates advanced capabilities including data exfiltration, system reconnaissance, and potential for additional payload delivery. Its modular design suggests ongoing development and future expansion of capabilities.
#blockchain#botnets#malware#social engineering
Got a topic? Write to ATLA WIRE on Telegram:t.me/atla_community
