Skip to content

News
Cybercrime
Risk
Policy
Privacy
Research
Cloud
Insurance

LinkedIn
Facebook

EtherHiding

North Korea-linked actors exploit React2Shell flaw to deploy EtherRAT using Ethereum-based C2

Cloud, Cybercrime, News, Research, Vulnerabilities

December 10, 2025

Sysdig reported that actors tied to North Korea exploited a critical React Server Components flaw to deploy EtherRAT, a Node.js-based remote access trojan that uses Ethereum smart contracts and RPC consensus for C2 resolution and multiple Linux persistence mechanisms.
Google says North Korean hackers used smart-contract “EtherHiding” to deliver malware

Cybercrime, News, Research, Risk

October 17, 2025

Google Threat Intelligence Group says a North Korean actor known as UNC5342 used an “EtherHiding” smart-contract technique to host and deliver JavaScript malware via fake job interviews, enabling stealthy payload updates and theft of credentials and cryptocurrency.

About
Editorial Policy
Privacy
Contact