North Korean Hackers Unleash EtherRAT: The Trojan that’s Smarter than Your Average RAT
North Korea-linked hackers are exploiting the React2Shell flaw to deploy EtherRAT, a persistent remote access trojan that uses Ethereum smart contracts for command and control. The malware shares tradecraft with earlier North Korean campaigns but trades credential theft for long-term stealth, forcing defenders to face a new, cunning adversary.

Hot Take:
When North Korea isn’t busy launching rockets, they’re launching cyberattacks. The latest in their digital arsenal? EtherRAT—because why settle for one RAT when you can have the whole infestation? Someone needs to tell these hackers that borrowing from Ethereum to build a smart contract C2 is like bringing a bazooka to a pillow fight. But hey, who doesn’t love a good blockchain twist?
Key Points:
- North Korean hackers are exploiting the React2Shell vulnerability (CVE-2025-55182) to deploy the newly discovered EtherRAT.
- EtherRAT is a remote access trojan that uses Ethereum smart contracts for command and control (C2).
- The attack involves sophisticated social engineering tactics, targeting developers in crypto and Web3 fields.
- EtherRAT achieves persistence through multiple Linux persistence methods and a blockchain-based C2 channel, making it hard to detect and to take down.
- Attribution is uncertain, but there’s significant overlap with previous North Korean campaigns, particularly the “Contagious Interview.”
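A beacon that takes its tasking from a smart contract has to read contract state, which on Ethereum means JSON-RPC calls such as eth_call or eth_getLogs to some RPC endpoint. As an added example (not from the article or any vendor analysis), the Python below counts such contract-state reads per source host in proxy logs so that a host polling a contract stands out; the log records, hostnames, IPs and contract address are constructed.

```python
import json
from collections import Counter

# JSON-RPC methods that read or watch smart-contract state. A contract-based
# C2 client needs one of these (or an equivalent) to fetch its instructions.
CONTRACT_READ_METHODS = {"eth_call", "eth_getLogs", "eth_getStorageAt", "eth_getCode"}

# Constructed sample proxy records; every value here is made up for the demo.
SAMPLE_RECORDS = [
    {"src": "10.0.5.21", "dst": "rpc.eth-provider.example", "ua": "curl/8.4.0",
     "body": json.dumps({"jsonrpc": "2.0", "method": "eth_call",
                         "params": [{"to": "0x" + "ab" * 20, "data": "0x"}], "id": 1})},
    {"src": "10.0.5.21", "dst": "rpc.eth-provider.example", "ua": "curl/8.4.0",
     "body": json.dumps([{"jsonrpc": "2.0", "method": "eth_getLogs",
                          "params": [{"address": "0x" + "ab" * 20}], "id": 2}])},
    {"src": "10.0.7.3", "dst": "rpc.eth-provider.example", "ua": "Mozilla/5.0",
     "body": json.dumps({"jsonrpc": "2.0", "method": "eth_blockNumber", "params": [], "id": 1})},
    {"src": "10.0.9.9", "dst": "api.github.example", "ua": "git/2.43", "body": ""},
    {"src": "10.0.5.21", "dst": "rpc.eth-provider.example", "ua": "curl/8.4.0",
     "body": "not json at all"},
]


def parse_rpc_method(body):
    """Return the JSON-RPC 2.0 method named in a request body, or None.
    Batch requests (a JSON array) are handled by taking the first entry."""
    try:
        obj = json.loads(body)
    except (ValueError, TypeError):
        return None
    if isinstance(obj, list):
        obj = obj[0] if obj else None
    if isinstance(obj, dict) and obj.get("jsonrpc") == "2.0":
        return obj.get("method")
    return None


def contract_readers(records, min_hits=2):
    """Count contract-state reads per source host and return hosts at or above
    min_hits, so one exploratory call is ignored but a polling client is not."""
    counts = Counter()
    for rec in records:
        if parse_rpc_method(rec.get("body", "")) in CONTRACT_READ_METHODS:
            counts[rec["src"]] += 1
    return {src: n for src, n in counts.items() if n >= min_hits}


if __name__ == "__main__":
    print(contract_readers(SAMPLE_RECORDS))  # prints {'10.0.5.21': 2}
```

Tune min_hits and the method set to the environment; hosts that legitimately run wallets or dApps will trip this and belong on an allowlist rather than in an alert.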
