North Korea-linked EtherRAT Malware Exploits React2Shell Vulnerability

North Korea-linked EtherRAT Malware Exploits React2Shell Vulnerability

First seen 10 Dec 2025, 09:47 UTC BleepingcomputerNknewsWebpronews 52% similarity 58.6

Article Content

Browse articles
ThreatCluster

North Korea-linked hackers have exploited a critical flaw in web applications using a new malware called EtherRAT. This remote access trojan employs Ethereum smart contracts for communication and utilizes multiple Linux persistence mechanisms, indicating a significant evolution in cybercriminal techniques. The malware was identified in a compromised JavaScript application shortly after the React2Shell vulnerability was disclosed.

ThreatCluster AI

Community

Browse all →