VulnHub

North Korea-linked cyber actors are exploiting a recently identified vulnerability in React Server Components known as React2Shell to deploy a new remote access trojan called EtherRAT. This malware utilizes Ethereum smart contracts to manage command-and-control communications and can establish multiple persistence mechanisms on Linux systems. The emergence of EtherRAT marks a concerning development as it allows attackers to maintain access to compromised systems. Companies using React Server Components need to be vigilant and update their systems to mitigate this risk. The situation emphasizes the ongoing threat posed by state-sponsored hacking groups and the importance of timely patching of known vulnerabilities.