Overview
- Qrator Research Lab details a loader that writes bot commands to Polygon smart contracts and has infected hosts fetch them via public RPC endpoints, removing traditional servers and domains.
- The native C++ tool is run through a web panel where operators choose a contract, command type, and payload URL, with new instructions typically reaching bots in about two to three minutes.
- Only the contract creator’s wallet can change on-chain instructions, enabling multiple concurrent channels for clippers, stealers, RATs, or miners while keeping costs near $1 for roughly 100–150 command transactions.
- Ctrl Alt Intel reports the panel deploys contracts whose function returns an encrypted command over Polygon RPC, which the malware decodes and executes on victim machines.
- Researchers advise prioritizing network-edge filtering and proactive DDoS mitigation as seller LenAI continues marketing the toolkit and has sought $10,000 for the full project and source code.
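The command channel described above leaves a recognisable network footprint: repeated JSON-RPC `eth_call` requests to a public Polygon endpoint, polling the same contract every few minutes. The following detection sketch is an added example, not code from Qrator, Ctrl Alt Intel or the loader itself; the proxy-log layout, the RPC host list and the contract address are assumptions, and every record is constructed.

```python
"""Flag hosts that repeatedly poll one smart contract through public Polygon
JSON-RPC endpoints (the on-chain command channel discussed above).
Added example; log format, RPC hosts and contract address are assumptions."""
import json
from collections import defaultdict
from datetime import datetime

# Assumed: public Polygon RPC hosts that ordinary workstations have no reason
# to contact (placeholder list, extend from your own telemetry).
POLYGON_RPC_HOSTS = {"polygon-rpc.com", "rpc-mainnet.matic.network"}
CONTRACT = "0x00000000000000000000000000000000c0ffee01"  # placeholder, constructed


def _rec(ts, src, proc, dst, method, to):
    """Build one constructed proxy record carrying a JSON-RPC body."""
    params = [{"to": to, "data": "0x01020304"}, "latest"] if method == "eth_call" else []
    body = {"jsonrpc": "2.0", "id": 1, "method": method, "params": params}
    return {"ts": ts, "src": src, "proc": proc, "dst": dst, "body": json.dumps(body)}


# Constructed sample: ws-17 polls the same contract at ~2.5 minute intervals,
# ws-03 is a single browser call, and one eth_blockNumber request is noise.
SAMPLE_LOG = [
    _rec("2024-05-01T10:00:00", "ws-17", "svchost.exe", "polygon-rpc.com", "eth_call", CONTRACT),
    _rec("2024-05-01T10:02:30", "ws-17", "svchost.exe", "polygon-rpc.com", "eth_call", CONTRACT),
    _rec("2024-05-01T10:05:00", "ws-17", "svchost.exe", "polygon-rpc.com", "eth_call", CONTRACT),
    _rec("2024-05-01T10:01:00", "ws-17", "svchost.exe", "polygon-rpc.com", "eth_blockNumber", ""),
    _rec("2024-05-01T11:00:00", "ws-03", "chrome.exe", "polygon-rpc.com", "eth_call", CONTRACT),
]


def parse_rpc(body):
    """Return the lower-cased target contract of an eth_call body, else None."""
    try:
        req = json.loads(body)
    except (TypeError, ValueError):
        return None
    if req.get("method") != "eth_call":
        return None
    params = req.get("params") or []
    if not params or not isinstance(params[0], dict):
        return None
    return params[0].get("to", "").lower()


def find_contract_polling(records, min_calls=3, max_gap_s=300):
    """Group eth_call requests by (host, process, contract) and report groups
    that poll the same contract at least min_calls times, never pausing
    longer than max_gap_s between calls (beacon-like behaviour)."""
    groups = defaultdict(list)
    for r in records:
        if r["dst"] not in POLYGON_RPC_HOSTS:
            continue
        contract = parse_rpc(r["body"])
        if contract:
            groups[(r["src"], r["proc"], contract)].append(datetime.fromisoformat(r["ts"]))
    findings = []
    for (src, proc, contract), times in groups.items():
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        if len(times) >= min_calls and gaps and max(gaps) <= max_gap_s:
            findings.append({"src": src, "proc": proc, "contract": contract,
                             "calls": len(times), "avg_gap_s": sum(gaps) / len(gaps)})
    return findings
```

Running `find_contract_polling(SAMPLE_LOG)` reports only the svchost.exe group on ws-17 (3 calls, 150 s average gap); a single browser call or unrelated RPC methods do not trigger it.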