Cyptominers continued to be targeted by attackers exploiting the React2Shell vulnerability.

Attackers continue to heavily exploit the React2Shell vulnerability, with more than 1.4 million exploitation attempts recorded in a single week. Two IP addresses generated the majority of these attacks, deploying reverse shells and XMRig cryptominers on compromised systems. The flaw enables unauthenticated remote code execution via a single HTTP POST request, making it extremely attractive to both cybercrime groups and state‑sponsored actors. Researchers also identified long‑running malicious infrastructure tied to the staging servers delivering the payloads.

Read more:

https://www.securityweek.com/cryptominers-reverse-shells-dropped-in-recent-react2shell-attacks/