EtherRAT Distribution Spoofing Administrative Tools via GitHub Facades
▼ BEARISH Thehackernews April 30, 2026 · 11:30 UTC

EtherRAT Malware Distributes via GitHub Spoofing and Blockchain C2

A sophisticated malware campaign, dubbed 'Administrative Utility Spoofing,' is targeting enterprise administrators using SEO poisoning, dual-stage GitHub distribution, and a decentralized command-and-control (C2) infrastructure based on the Ethereum blockchain. The malware, identified as EtherRAT, impersonates legitimate administrative tools like PsExec and Sysmon to gain access to high-privilege accounts. Its C2 communication utilizes Ethereum smart contracts, making takedown efforts difficult. The campaign has been active since early December 2025 and is linked to Lazarus Group and MuddyWater.

News

Powered by Gemini

News: A new malware campaign, 'Administrative Utility Spoofing,' targets enterprise administrators by impersonating legitimate administrative tools (PsExec, Sysmon, etc.) and distributing malware via a dual-stage GitHub architecture. The campaign utilizes SEO poisoning to direct users to malicious repositories disguised as legitimate software download sites. Once executed, the malware (EtherRAT) uses Ethereum smart contracts to dynamically resolve its command-and-control (C2) server address, making traditional takedown methods ineffective. The campaign has been ongoing since December 2025 and has deployed 44 GitHub facades. It is linked to both the Lazarus Group and MuddyWater APT groups.

AI Analysis: This campaign represents a significant escalation in malware resilience and sophistication. The use of blockchain-based C2 infrastructure and a dynamic GitHub distribution network makes it exceptionally difficult to disrupt, posing a serious threat to organizations with high-privilege IT personnel.

Back to news
Share:

This content is automatically generated from public news sources. This is not financial advice.

Related News

HSC Asset Management Hong Kong VC Panel: ‘Flight To Stability’ Explores Macro Shifts, Crypto Risk, And Institutional Capital Flows
◆ NEUTRAL
Mpost Apr 30, 2026

HSC Asset Management Hong Kong VC Panel: ‘Flight To Stability’ Explores Macro Shifts, Crypto Risk, And Institutional Capital Flows

Read more
Quantum Blockchain Technologies Plc - Total Voting Rights
◆ NEUTRAL
Finanznachrichten De Apr 30, 2026

Quantum Blockchain Technologies Plc - Total Voting Rights

Read more
▲ BULLISH
Globenewswire Apr 30, 2026

Enlivex's RAIN Token Listed on HTX Exchange

Read more

Detailed analysis: latest crypto news

Read crypto news and understand market impact. Our trading analysis site helps you dive deeper into cryptocurrency updates, analyzing what is happening with bitcoin today using indicators and orderflow tools.