Key Findings North Korea-linked threat actors are exploiting the critical React2Shell vulnerability (CVE-2025-55182) to deploy a previously unknown remote access trojan (RAT) dubbed EtherRAT EtherRAT leverages Ethereum smart contracts for command-and-control (C2) resolution, deploys five independent Linux persistence mechanisms, and downloads its own Node.js runtime from nodejs.org The activity exhibits significant overlap with a long-running campaign codenamed "Contagious In
