Tsundere Botnet Expands Using Game Lures and Ethereum-Based C2 on Windows
Overview
The Tsundere botnet, which targets Windows users, is expanding and can execute arbitrary JavaScript code retrieved from a command-and-control (C2) server. This poses a significant threat to users. How the botnet propagates remains unclear, which leaves open the potential for widespread exploitation.
Key Takeaways
- Active Exploitation: This botnet is being actively used by attackers. Immediate action is recommended.
- Affected Systems: Windows users
- Timeline: Ongoing since mid-2025
Original Article Summary
Cybersecurity researchers have warned of an actively expanding botnet dubbed Tsundere that's targeting Windows users. Active since mid-2025, the threat is designed to execute arbitrary JavaScript code retrieved from a command-and-control (C2) server, Kaspersky researcher Lisandro Ubiedo said in an analysis published today. There are currently no details on how the botnet malware is propagated;
Impact
Windows users
Exploitation Status
This botnet is confirmed to be actively used by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.
Timeline
Ongoing since mid-2025
Remediation
Not specified