Concise Cyber

Tsundere Botnet Expands Using Game Lures and Ethereum-Based C2 on Windows Systems

A malware known as the Tsundere botnet has been observed expanding its operations by targeting Windows users through deceptive game-related lures. The campaign leverages the popularity of video games to trick individuals into downloading and executing the malicious payload.

The primary infection vector involves distributing malware disguised as game installers, mods, or cheating tools. Users seeking these game-related files inadvertently compromise their Windows systems, allowing the Tsundere malware to establish a foothold.

Infection Through Gaming Lures

The operators behind the Tsundere botnet are specifically targeting the gaming community. The distribution method relies on social engineering, where malicious files are presented as legitimate software or enhancements for popular video games. Once a user runs the disguised executable, the botnet’s payload is installed on the underlying Windows operating system, adding the machine to its network of infected devices.

Ethereum Blockchain for Command and Control

A notable technical aspect of the Tsundere botnet is its use of an Ethereum-based Command and Control (C2) infrastructure. Instead of relying on traditional, centralized C2 servers that can be easily identified and taken down, the botnet receives its commands through the Ethereum blockchain. This decentralized approach provides the botnet with a high degree of resilience against disruption efforts by security researchers and law enforcement agencies. The commands are embedded within blockchain transactions, making the C2 communication difficult to trace and shut down.
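A defender-side check for the blockchain C2 described above, added here as an example and not taken from the article or the report it cites: it flags Ethereum JSON-RPC requests made by processes outside an allowlist. It assumes the bot reads chain data through a standard Ethereum JSON-RPC endpoint (the article does not specify this) and that request bodies are visible, for example through TLS inspection. The log schema (host, process, body), the allowlist and every sample record are constructed for illustration.

```python
import json
from collections import defaultdict

# Assumption: processes expected to query Ethereum nodes in this environment.
ALLOWED_PROCESSES = {"chrome.exe", "msedge.exe", "firefox.exe"}

def rpc_methods(body):
    """Return Ethereum JSON-RPC method names in an HTTP body (single or batch)."""
    try:
        doc = json.loads(body)
    except (TypeError, ValueError):
        return []                      # missing or non-JSON body
    calls = doc if isinstance(doc, list) else [doc]
    return [c["method"] for c in calls
            if isinstance(c, dict) and c.get("jsonrpc") == "2.0"
            and isinstance(c.get("method"), str) and c["method"].startswith("eth_")]

def find_unexpected_rpc(log_lines):
    """Map (host, process) -> {method: count} for non-allowlisted processes."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in log_lines:
        try:
            rec = json.loads(line)
        except ValueError:
            continue                   # skip malformed log lines
        if not isinstance(rec, dict):
            continue
        proc = str(rec.get("process", "")).lower()   # Windows names are case-insensitive
        if proc in ALLOWED_PROCESSES:
            continue
        for method in rpc_methods(rec.get("body")):
            hits[(rec.get("host"), proc)][method] += 1
    return {key: dict(counts) for key, counts in hits.items()}

def _rec(host, process, body):
    return json.dumps({"host": host, "process": process, "body": body})

# Constructed sample records; hosts, process names and bodies are invented.
SAMPLE = [
    _rec("WS-014", "chrome.exe", '{"jsonrpc":"2.0","id":1,"method":"eth_blockNumber","params":[]}'),
    _rec("WS-022", "GameSetup.exe", '{"jsonrpc":"2.0","id":1,"method":"eth_call","params":[]}'),
    _rec("WS-022", "gamesetup.exe", '[{"jsonrpc":"2.0","id":2,"method":"eth_call","params":[]},'
                                    '{"jsonrpc":"2.0","id":3,"method":"eth_getLogs","params":[]}]'),
    _rec("WS-031", "updater.exe", "<html>not json</html>"),
    "truncated {",
]

if __name__ == "__main__":
    for (host, proc), methods in find_unexpected_rpc(SAMPLE).items():
        print(host, proc, methods)
```

A hit is a lead for triage, not a verdict: legitimate wallet or developer tooling produces the same requests, so the allowlist needs tuning per environment.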

This combination of targeting a broad user base through gaming lures and employing a sophisticated, decentralized C2 mechanism marks a significant development in the botnet’s capabilities. The campaign remains focused on compromising systems running the Windows operating system.

Source: https://thehackernews.com/2025/11/tsundere-botnet-expands-using-game.html