Nknews
North Korea-linked EtherRAT Malware Exploits React2Shell Vulnerability
First seen 10 Dec 2025, 09:47 UTC
•

•52% similarity
•58.6
Share:
Export
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
Browse articles
North Korea-linked hackers have exploited a critical flaw in web applications using a new malware called EtherRAT. This remote access trojan employs Ethereum smart contracts for communication and utilizes multiple Linux persistence mechanisms, indicating a significant evolution in cybercriminal techniques. The malware was identified in a compromised JavaScript application shortly after the React2Shell vulnerability was disclosed.
ThreatCluster AI