A fully AI-generated malware campaign actively exploiting the “React2Shell” vulnerability, detected within Darktrace’s “CloudyPots” global honeypot network, the intrusion highlights a critical shift in cybercrime: the weaponization of Large Language Models (LLMs) to lower the barrier of entry for effective cyberattacks.
Darktrace’s analysis of the incident points to the growing trend of “vibecoding,” AI-assisted software development, where operators rely heavily on LLMs to generate functional code rapidly.
While this practice accelerates legitimate development, it is simultaneously empowering low-skill threat actors to produce sophisticated exploitation tools with minimal effort.
The attack was observed targeting a Darktrace Docker honeypot, a controlled environment designed to intentionally expose the Docker daemon without authentication.
This configuration, mimicking a common misconfiguration in cloud environments, allowed the attackers to discover the daemon via the Docker API and initiate their kill chain.
Attack Chain From Docker API to XMRig
The intrusion began with the threat actor spawning a malicious container named “python-metrics-collector.” This naming convention attempts to blend in with legitimate telemetry services, a standard evasion tactic.
The container was configured with a startup command to install essential tooling specifically curl, wget, and python3 before retrieving its primary payloads.
The attack sequence proceeded in two distinct stages:
Dependency Retrieval: The container downloaded a list of required Python packages from a Pastebin URL (hxxps://pastebin[.]com/raw/Cce6tjHM).
Payload Execution: The actor retrieved and executed a Python script from hxxps://smplu[.]link/dockerzero. This link redirected to a GitHub Gist hosted by a user named “hackedyoulol,” who has since been banned from the platform.
A technical review of the Python payload revealed tell-tale signs of LLM generation. Unlike typical human-authored malware, which prioritizes brevity and often employs heavy obfuscation to thwart reverse engineering, this script was meticulously commented. It featured the preamble: “Network Scanner with Exploitation Framework – Educational/Research Purpose Only”.
These artifacts suggest the attacker likely “jailbroke” a safety-aligned LLM by framing the request as an educational exercise. Further analysis using GPTZero detection tools returned a “moderately confident” assessment that 76% of the code was AI-generated.
The script’s structure was remarkably clean, utilizing a “deliberately structured Next.js server component payload” to force an exception and reveal command output, a technique central to the React2Shell exploit.
Despite the sophisticated delivery method, the ultimate goal of the campaign was resource hijacking for cryptocurrency mining. The script successfully deployed an XMRig miner (version 6.21.0) configured to mine Monero (XMR) via the supportxmr pool.
By analyzing the attacker’s wallet address, researchers were able to track the campaign’s success. As of the report’s release, the campaign had infected approximately 91 hosts, generating a total of 0.015 XMR (valued at roughly £5).
While the financial yield is negligible, the operational implication is severe: a low-sophistication actor successfully compromised nearly 100 systems using a toolset largely created by AI.
Notably, the malware lacked a self-propagating “worm” component, which is unusual for Docker-focused threats. Instead of spreading autonomously from infected hosts, the spreading logic appeared to be handled remotely.
Darktrace observed the initial connection originating from an IP address 49[.]36.33.11 registered to a residential ISP in India. This suggests the attacker utilized a centralized “spreader server” or a residential proxy to manage the campaign manually or via a separate automation script.
The “React2Shell” campaign demonstrates that AI can effectively bridge the gap between intent and capability, allowing adversaries to generate custom, functional malware on demand.
For defenders, this necessitates a pivot toward behavioral detection and rapid patching, as static signatures may fail against the endless variations of code that LLMs can produce.
Indicators of Compromise (IoCs)
Spreader IP – 49[.]36.33.11
Malware host domain – smplu[.]link
Hash – 594ba70692730a7086ca0ce21ef37ebfc0fd1b0920e72ae23eff00935c48f15b
Hash 2 – d57dda6d9f9ab459ef5cc5105551f5c2061979f082e0c662f68e8c4c343d667d
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
The post Threat Actors Exploiting React2Shell Vulnerability Using AI-Generated Malware appeared first on Cyber Security News.
