Researchers discovered AI-generated malware being used to exploit the React2Shell vulnerability for a cryptojacking campaign, Darktrace reported Tuesday.Darktrace discovered the malware through a Docker honeypot, part of its “CloudyPots” honeypot network. In this honeypot, the internet-facing Docker daemon is intentionally set up to require no authentication, which enabled the attacker to spawn a new container via the Docker API.This new container, “python-metrics-collector,” was configured with a startup command that installed several prerequisite tools, downloaded a number of Python packages hosted on Pastebin and then downloaded and ran a GitHub hosted Python script, which compromised the AI-generated payload.The script was determined to be AI-generated based on the use of overly descriptive comments, a telltale sign of code generated by large language models (LLMs). Comments at the beginning of the script included “Educational/Research Purpose Only,” suggesting the attacker jailbroke an LLM by convincing it the malware was being generated for research, Darktrace noted.The researchers also ran parts of the script through the GPTZero AI detection software, which estimated the text was at least 76% AI-generated.“This is something of a Pandora’s Box issue with LLMs, because it’s looking like prompt injection is going to be an intractable problem,” noted Michael King, senior solutions engineer at Black Duck, in an email to SC Media. “Even if providers lock their frontier models down, any open weight model that’s up to the task can be trivially jailbroken.”
Related reading:
The script itself is a “well constructed React2Shell exploitation toolkit,” Darktrace said, that ultimately leads to remote code execution (RCE) and deployment of the XMRig Monero cryptominer. React2Shell, formally tracked as CVE-2025-55182, is a maximum-severity RCE flaw affecting both React.js and Next.js, related to deserialization of untrusted data.The crafted script executes a request containing a crafted Next.js server component payload, a chunk that forces an exception to reveal command output and a child process invocation to run arbitrary shell commands, Darktrace researchers described.The whoami command is used to determine whether the host is vulnerable and the wget command is used to download XMRig from its GitHub repository. XMRig is then set up to for mining with the attacker’s mining pool and wallet address.“Traditional indicators such as malware uniqueness or code quality are becoming less reliable signals of threat maturity because automation has steadily eroded the link between technical sophistication and operator skill,” Chrissa Constantine, senior cybersecurity solution architect at Black Duck, said in comments to SC Media.While Monero wallet addresses and transactions cannot be publicly viewed, supportxmr mining pools publish statistics that the researchers were able to use to track the success of the attacker’s campaign. They found 91 workers within the attacker’s pool, suggesting that 91 hosts were infected using the same malware. The attacker’s earnings added up to about 0.015 XMR, or about $5.02, the researchers said, with about 0.004 XMR ($1.34) generated each day.While the attacker’s earnings were low, the infection of dozens of vulnerable hosts using an AI-generated exploitation script demonstrates how AI makes it easier than ever to run an exploitation campaign, Darktrace concluded.“Coding Agents and LLMs are compressing the attacker ‘time to tooling’ enabling low-skill operators to produce functional and adaptable exploit frameworks at a velocity defenders must assume will only increase,” Christopher Jess, senior R&D manager at Black Duck, said in comments to SC Media. “When a simple prompting session yields functional exploitation code, organizations must expect more frequent, more customized, and more opportunistic attacks.”Darktrace recommended immediate patching of vulnerabilities such as React2Shell, as well as continuous attack surface monitoring and the use of behavioral detection mechanisms.“Security teams should respond by prioritizing hardening of exposed services, particularly cloud and container management interfaces that are frequently misconfigured. Continuous monitoring of runtime behavior, rather than static signatures, is essential, as AI-generated malware can be easily altered to evade known detections,” Constantine added.
AI/ML, Vulnerability Management, Threat Management, Ransomware, Patch/Configuration Management, Malware, Threat Intelligence
AI-generated React2Shell malware infects 90-plus hosts

An In-Depth Guide to AI
Get essential knowledge and practical strategies to use AI to better your security program.
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



