All news with #etherrat tag

React2Shell Exploits Deploy EtherRAT, Linked to DPRK

🔐 Security researchers at Sysdig report new campaigns exploiting React2Shell (CVE-2025-55182), resulting in a novel implant that delivers EtherRAT and demonstrates advanced persistence and evasion. The exploit targets React v19 and many related frameworks, using a base64 shell command to fetch a downloader that installs Node.js, decrypts an obfuscated JavaScript dropper, and executes a blockchain-based C2-capable payload. Sysdig observed tooling overlaps with North Korea-associated campaigns, though firm attribution remains unconfirmed.

North Korean Hackers Exploit React2Shell to Deploy EtherRAT

🔒 Researchers at Sysdig uncovered a new malware implant, EtherRAT, delivered via exploitation of the React2Shell deserialization flaw in Next.js just days after the vulnerability disclosure. The implant bundles a full Node.js runtime, uses an encrypted loader, and employs Ethereum smart contracts for resilient C2 while supporting five Linux persistence mechanisms. Operators can self-update the payload and execute arbitrary JavaScript, complicating detection and response.