Cybersecurity experts have identified the Tsundere botnet, which has been actively targeting Windows systems since mid-2025 and uses sophisticated mechanisms including WebSocket communication and the Ethereum blockchain. The malware spreads through fake MSI installers and PowerShell scripts, leveraging gaming-related lures and maintaining persistence via registry modifications.
Key points
- Tsundere is a rapidly expanding Windows-targeting botnet active since mid-2025.
- The malware is distributed using fake gaming MSI installers and PowerShell scripts.
- The botnet uses the Ethereum blockchain to dynamically retrieve C2 server details for resilience.
- Tools like Node.js, ws, ethers, and pm2 are utilized to ensure persistence and operational control.
- The threat likely originates from a Russian-speaking actor, with overlaps with other malware campaigns and underground markets.
Read More: https://thehackernews.com/2025/11/tsundere-botnet-expands-using-game.html