Coverage from HackRead indicates that a GitHub repository falsely advertised as a vulnerability scanner for CVE-2025-55182, also known as React2Shell, was discovered to be distributing malware. The project, named React2shell-scanner, was hosted by user niha0wa and has since been removed after community reports.Cybersecurity researcher Saurabh identified suspicious code within the React2shell-scanner script, revealing a hidden payload designed to execute mshta.exe and download a secondary malware stage from py-installer.cc. The malware targeted Windows devices, leveraging the legitimate mshta.exe tool to run a malicious script hosted on GitHub. This disguised scanner aimed to compromise security professionals investigating CVE-2025-55182, turning their research into an attack vector. This incident follows recent reports of hackers hiding PyStoreRAT malware within utility tools on GitHub, also targeting cybersecurity researchers.Although GitHub swiftly removed the malicious repository, this event underscores the critical need for caution when reviewing code shared as cybersecurity tools. Researchers analyzing high-interest vulnerabilities like CVE-2025-55182 must remain vigilant against fake exploit tools, especially those with obfuscated code or unclear origins.Source: HackRead
Malware, Security Operations, Vulnerability Management
Malicious ‘React2shell-scanner’ on GitHub targets researchers with malware

Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds


