Cyber Web Spider Blog – News

Void Botnet Leverages Ethereum for Secure Command Control

Posted on May 20, 2026 By CWS

A recent entrant in the cybercrime landscape, the Void Botnet, is revolutionizing how cybercriminals maintain operational control. This botnet, unlike traditional ones that depend on servers vulnerable to law enforcement actions, employs Ethereum smart contracts to manage its command and control (C2) processes, making it resistant to standard takedown methods.

Emergence and Market Introduction

The Void Botnet was first marketed on a Russian cybercrime forum in March 2026. Sold for $600 with a $50 fee for each build, it offers a ready-to-use loader. Its emergence is particularly concerning, not only due to its advanced technology but also because it followed closely after the exposure of another blockchain-based tool, Aeternum C2. This quick succession of similar tools indicates a broader trend towards using blockchain technology for command and control, emphasizing resilience and sustainability for cybercriminals.

Researchers from Qrator Labs identified and analyzed the Void Botnet, publishing their findings in May 2026. They attribute its development to a threat actor known as TheVoidStl, who operates under the alias nikoniko. This developer is also linked to other malware like TheVoidStealer, WallStealer, and Void Miner, suggesting a growing and diverse malware portfolio.

Technical Specifications and Threats

Written in Rust, the Void Botnet’s loader is a compact, lightweight binary, capable of running on both 32-bit and 64-bit Windows systems. It supports extensive post-compromise operations, providing attackers significant control over compromised systems. Its design focuses on maintaining connectivity and avoiding detection, even in adverse network conditions.

The botnet enables a range of malicious activities, including DDoS attacks, credential theft, and proxy services. Since it relies on a public blockchain for its C2 channel, traditional defensive actions like server seizure or domain suspension are ineffective. This necessitates enhanced security measures, such as anti-bot and DDoS protection, to combat these sophisticated threats.

The Void Botnet features a dual-mode C2 system within a single binary. In one mode, commands are issued via Ethereum smart contracts, which infected machines periodically check for new tasks. This decentralized approach eliminates the need for a central server. Alternatively, the botnet can connect machines directly to an operator’s web panel for immediate task execution.
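For defenders, the contract-polling mode described above leaves one observable trace: an endpoint that reads the same contract at a steady interval. The following is an added detection sketch, not code from Qrator Labs or from the malware. It assumes a TLS-inspecting proxy or EDR feed that records JSON-RPC request bodies; the article does not say which RPC methods or poll interval the loader uses, so the standard read methods eth_call and eth_getLogs, the thresholds, the host names and the addresses are illustrative.

```python
import json
from collections import defaultdict
from statistics import mean, pstdev

# Standard JSON-RPC read methods -> the parameter field naming the contract.
READ_METHODS = {"eth_call": "to", "eth_getLogs": "address"}

def rpc_body(method, contract):  # builds a constructed request body
    return json.dumps({"jsonrpc": "2.0", "id": 1, "method": method,
                       "params": [{READ_METHODS[method]: contract}, "latest"]})

# Constructed sample (not real telemetry): (epoch seconds, host, request body).
POLLED, OTHER = "0x" + "ab" * 20, "0x" + "cd" * 20
SAMPLE_LOG = (
    [(t, "ws-041", rpc_body("eth_call", POLLED)) for t in (1000, 1304, 1597, 1902, 2201, 2498)]
    + [(t, "ws-007", rpc_body("eth_call", OTHER)) for t in (1100, 1130, 2500, 2510)]
    + [(1500, "ws-041", '{"jsonrpc":"2.0","id":7,"method":"eth_blockNumber","params":[]}'),
       (1600, "ws-007", "not json")]
)

def find_contract_beacons(records, min_events=5, max_cv=0.2):
    """Flag (host, contract) pairs read at near-constant intervals."""
    seen = defaultdict(list)
    for ts, host, body in records:
        try:
            msg = json.loads(body)
        except ValueError:
            continue  # body is not JSON-RPC
        method = msg.get("method") if isinstance(msg, dict) else None
        if not isinstance(method, str) or method not in READ_METHODS:
            continue
        params = msg.get("params")
        first = params[0] if isinstance(params, list) and params else None
        target = first.get(READ_METHODS[method]) if isinstance(first, dict) else None
        if isinstance(target, str):
            seen[(host, target.lower())].append(ts)
    hits = []
    for (host, contract), times in seen.items():
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        if len(times) < max(min_events, 2) or not mean(gaps):
            continue
        cv = pstdev(gaps) / mean(gaps)  # low variation = machine-like polling
        if cv <= max_cv:
            hits.append({"host": host, "contract": contract, "events": len(times),
                         "period_s": round(mean(gaps)), "cv": round(cv, 3)})
    return hits

if __name__ == "__main__":
    print(find_contract_beacons(SAMPLE_LOG))
```

Wallets and dApps also issue these calls, so a hit is a triage lead to correlate with the requesting process, not a verdict.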

Operator Panel and Task Execution

The operator panel offers detailed insights into each infected system, including geographic location, operating system details, and active antivirus software. Operators can dispatch tasks to specific machines or an entire botnet fleet, with options for regional targeting.

The panel supports fourteen different task types, allowing payloads to be delivered in various formats, including executables and PowerShell scripts. The in-memory execution mode loads binaries directly into process memory, bypassing file-based defenses. Features like reverse shell and PowerShell tasks enable live interaction with compromised systems, while SelfDelete and SelfUpdate options allow for agent cleanup and updates.

Overall, the Void Botnet represents a significant evolution in cybercriminal strategies, leveraging blockchain technology to enhance resilience and evade traditional security measures. Its development and deployment underscore the need for continuous vigilance and adaptable security strategies to protect against emerging threats.

Cyber Security News Tags: Blockchain, Botnet, C2 infrastructure, Cybercrime, Cybersecurity, Ethereum, Qrator Labs, smart contracts, threat intelligence, Void Botnet
