Critical Alerts: React2Shell, Malicious VSCode Extensions, and Supply Chain Attacks

Date: December 2025
Severity: CRITICAL


Executive Summary

This technical bulletin covers three critical attack vectors currently impacting organizations worldwide: the React2Shell vulnerability (CVE-2025-55182) actively exploited by Chinese APT groups, malicious extensions in the VSCode Marketplace compromising development environments, and the escalation of software supply chain attacks through malicious packages in npm and PyPI.

Estimated Impact:

  • More than 77,000 IP addresses vulnerable to React2Shell
  • 30+ organizations already compromised, including Fortune 500 companies
  • 229 million installations of VSCode extensions containing malicious code
  • Billions of weekly downloads of compromised npm/PyPI packages

THREAT 1: React2Shell Vulnerability (CVE-2025-55182)

1.1 Technical Description

  • CVE: CVE-2025-55182 (also known as React2Shell)
  • CVSS Score: 10.0 (CRITICAL)
  • Affected Component: React Server Components – Flight protocol

The vulnerability allows unauthenticated remote code execution (RCE) via insecure deserialization in the Flight protocol used by React Server Components. An attacker can send a malicious HTTP request to any Server Function endpoint and obtain arbitrary execution of privileged JavaScript code on the server.

Critical characteristic: Applications are vulnerable even if they do not explicitly implement Server Functions, as long as they support React Server Components.

Affected Versions:

  • React: 19.0, 19.1.0, 19.1.1, 19.2.0
  • Next.js: 15.x and 16.x (when using App Router)
  • Affected frameworks and tooling: React Router, Waku, Redwood SDK, Parcel, Vite (RSC plugins)

1.2 Active Exploitation in the Wild

Status: CONFIRMED ACTIVE EXPLOITATION

Threat actors identified exploiting the vulnerability:

  • Earth Lamia (Chinese APT)
  • Jackpot Panda (Chinese APT)
  • CL-STA-1015 (Initial Access Broker linked to Chinese MSS)

Observed malicious activity:

  • Server reconnaissance (whoami, id, reading /etc/passwd)
  • Attempts to steal AWS credentials (.aws/config files)
  • Installation of trojans (SNOWLIGHT, VShell)
  • Interactive shells in containers (Kubernetes / GKE)
  • Persistence through fileless execution of malicious scripts

Alarmingly:

  • 39% of scanned cloud environments contain vulnerable instances (Wiz data)
  • Exploitation success rate is close to 100%
  • 77,000+ exposed and vulnerable IP addresses
  • Exploitation began hours after public disclosure

1.3 URGENT Remediation Actions

IMMEDIATE ACTION – MANDATORY:

  1. Update React to patched versions:
  • React 19.0.1, 19.1.2, or 19.2.1
  1. Update Next.js (if applicable):
  • Next.js 15.0.5, 15.1.9, 15.2.6, 15.3.6, 15.4.8, 15.5.7, or 16.0.7
  • Use: npx fix-react2shell-next for automated upgrades
  1. Perform full rebuild and redeploy of affected applications
  2. Rotate secrets (for applications exposed on or around December 4th):
  • AWS / Azure / GCP credentials
  • API tokens
  • Database passwords
  • Encryption keys
  1. Implement WAF rules (temporary mitigation – does NOT replace patching):
  • AWS WAF: AWSManagedRulesKnownBadInputsRuleSet version 1.24+
  • Cloudflare: Updated detection rules applied automatically
  • Google Cloud: Cloud Armor with React2Shell-specific rules
  1. Review access logs for Indicators of Compromise (IoCs):
  • Requests to Server Function endpoints with suspicious payloads
  • DNS queries to *.oast.live or *.oastify.com (OAST – Out-of-Band testing)
  • Unexpected processes spawned by Next.js/React applications
  • Anomalous outbound connections from containers

1.4 Preventive Measures with Rainforest.tech

How Rainforest.tech protects your organization:

  • Automatic Detection of Vulnerable Dependencies
    Our SCA module automatically identifies all vulnerable React 19.x instances in your code, including transitive dependencies you might not be aware of.
  • AI-Powered Reachability Analysis
    We determine whether vulnerable React Server Components code is actually reachable in your applications. If your code does not use RSC, you receive properly prioritized alerts – not noise.
  • Contextualized Prioritization
    We combine exposure data (internet-facing application?), asset criticality, and exploitability analysis to prioritize remediation where the risk is real.
  • Continuous Monitoring
    Continuous scanning of all repositories, container registries, and cloud environments. When a new critical CVE emerges (such as React2Shell), you are alerted in minutes, not days.
  • CI/CD Integration
    Block builds that introduce vulnerable React/Next.js versions before they reach production. Automated guardrails prevent developers from accidentally deploying vulnerable code.

THREAT 2: Malicious Extensions in the VSCode Marketplace

2.1 Problem Description

The VSCode Marketplace, with approximately 50,000 extensions, has become a critical supply chain attack vector. Researchers have identified hundreds of malicious extensions with capabilities including:

  • Theft of complete source code and intellectual property
  • Exfiltration of credentials (GitHub tokens, AWS keys, SSH keys)
  • Installation of cryptominers (e.g., XMRig)
  • Backdoors and remote shells
  • Keyloggers and screen capture
  • Clipboard monitoring to steal cryptocurrency wallets

Scale of the problem:

  • 229 million installations of extensions with confirmed malicious code
  • 1,283 extensions containing dependencies with known vulnerabilities
  • 550+ validated secrets exposed in extensions (PATs, API keys, AI tokens)
  • 100+ organizations compromised, including companies with a combined $483B market cap

2.2 Observed Attack Tactics

  1. Typosquatting and Name Confusion
  • Malicious extensions mimic popular names with small variations
  • Examples:
    • prettiest java vs Prettier-Java
    • Theme Darcula dark to hijack installs from the popular Dracula theme
  1. Trojan Horse – Legit Functionality + Malicious Payload
  • Extensions provide the promised functionality (formatting, themes, etc.) to avoid suspicion while executing malicious code in the background.
  1. Supply Chain Hijack – Malicious Update Later
  • Attackers publish initially benign extensions, gain traction and trust, then introduce malicious code in later updates.
  • Since VSCode updates extensions automatically by default, payloads are silently distributed.
  1. Fraudulent Verified Publisher Badges
  • Attackers register related domains and verify them in the VSCode Marketplace to obtain the “blue badge” of a verified publisher, creating false credibility.
  1. Exfiltration via Legitimate Channels
  • Use of services like Zulip, Ngrok, and other legitimate platforms for C2 and data exfiltration, making firewall-based detection harder.

2.3 Identified Malicious Extensions (Recent Examples)

ExtensionDownloadsMalicious Payload
Theme Darcula dark45,000+Theft of PII and developer configuration data
C++ Playground17,000+Keylogger capturing C++ source code
HTTP FormatUnknownCryptomining (CoinIMP)
Christine-devops1234.scraperActiveTheft of code, machine IDs, search queries
Codo AI (Bitcoin Black)RecentInfostealer with hidden PowerShell execution

2.4 Remediation and Prevention Measures

Immediate Actions:

  • Audit all currently installed extensions
  • Remove extensions from unverified or low-reputation publishers
  • Review ratings, update history, and installation counts
  • Disable auto-update for extensions in critical environments

Best Practices:

  • Minimize the number of installed extensions
  • Prefer the official VSCode Marketplace (stricter controls) over OpenVSX
  • Implement a centralized allowlist of approved extensions
  • Maintain an inventory of IDE extensions for rapid incident response
  • Isolate development environments from production networks
  • Review the code of critical extensions before adoption

2.5 Protection with Rainforest.tech

How Rainforest.tech identifies IDE-related risks:

  • Secret Detection in Code
    Our Secrets Detection module identifies tokens, API keys, and hardcoded credentials that could be exposed if a malicious extension exfiltrates your source code.
  • SCM Posture Management
    Monitor GitHub/GitLab/Azure DevOps configurations to detect excessive permissions that malicious extensions could abuse.
  • Development Dependency Analysis
    Even if we cannot directly scan VSCode extensions, we analyze all npm/PyPI dependencies in your projects — including dev dependencies that might be leveraged by malicious extensions.
  • Anomalous Behavior Alerts
    Detection of suspicious patterns such as massive code commits, unexpected configuration file changes, or abnormal outbound connections.

THREAT 3: Supply Chain Attacks – Malicious npm and PyPI Packages

3.1 Threat Landscape

Software supply chain attacks through open-source package repositories are rising sharply. In 2024–2025, coordinated campaigns have targeted npm and PyPI simultaneously, with threat actors reusing the same techniques across ecosystems.

Alarming Statistics:

  • September 2025: 20 popular npm packages (2 billion weekly downloads) compromised via maintainer phishing
  • June 2025: @gluestack-ui and @react-native-aria packages compromised (cumulative 150K installs)
  • 14 of 23 crypto-motivated campaigns in 2024 targeted npm (the rest targeted PyPI)
  • Cross-ecosystem attacks: The same actor MUT-8694 targeting both npm and PyPI simultaneously

3.2 Common Attack Tactics

  1. Maintainer Compromise (Account Takeover) Vectors:
  • Phishing for npm/PyPI credentials using fake login pages
  • Adversary-in-the-Middle (AiTM) attacks capturing 2FA
  • Theft of Personal Access Tokens (PATs) Example:
  • Maintainer of chalk and debug (npm) received a fake email from support@npmjs[.]help requesting a 2FA update.
  • Result: 20 packages were compromised.
  1. Typosquatting and Name Confusion
  • PyPI: graphalgo (malicious) vs graphdict (legit)
  • npm: express-cookie-parser (malicious) vs cookie-parser (legit)
  • Cross-ecosystem: using npm-like names to attack PyPI users
  1. Dependency Confusion
  • Attackers discover names of internal private packages and publish malicious public versions with higher version numbers.
  • Misconfigured package managers then pull the malicious public version.
  1. Trojan Source – Malicious Update Later
  • Example: PyPI package semantic-types was benign at its initial publication (2024-12-22), but a malicious payload was introduced in an update (2025-01-26).
  1. Fake Job Assessments
  • Attackers pose as recruiters and ask candidates to clone GitHub repositories containing malicious npm packages as part of a “technical assessment.”

3.3 Typical Malicious Payloads

Infostealers:

  • Browser credentials (Chrome, Firefox, Brave, Opera)
  • Cryptocurrency wallets (Bitcoin, Ethereum, Solana)
  • GitHub tokens, AWS keys, .env secrets
  • Git configurations (.gitconfig)
  • iCloud Keychain data

Backdoors and RATs:

  • Remote command execution via C2
  • Keylogging and screen capture
  • File system scanning and source code exfiltration

Cryptominers:

  • XMRig (Monero mining) consuming host resources

Wipers and Destructive Payloads:

  • Recursive file deletion (rm -rf *, rd /s /q)
  • Service shutdown and data corruption

Crypto Hijackers:

  • Monkey-patching Solana keypair generation functions
  • Intercepting and redirecting cryptocurrency transactions

3.4 Indicators of Malicious Packages

Red Flags:

  • Typosquatting or name very similar to a popular package
  • New or unverified publisher
  • Overly polished README for a newly released package
  • Obfuscated code (base64, hex encoding) in initialization files
  • Execution of system commands (PowerShell, bash, curl/wget)
  • Undocumented network connections to unknown IPs or domains
  • Use of DGA (Domain Generation Algorithms) for C2
  • PATH manipulation or persistence installation
  • Download numbers that are suspiciously high for a new package

3.5 Remediation and Prevention Measures

Immediate Actions if Compromised:

  • Identify malicious versions in use (inspect lock files)
  • Remove compromised packages and downgrade to known safe versions
  • Rotate all secrets that may have been exposed
  • Audit access logs for signs of data exfiltration
  • Check for persistence mechanisms (cron jobs, startup scripts, registry keys)

Best Practices:

  • Dependency Locking:
  • Use package-lock.json (npm) and requirements.txt with hashes (PyPI).
  • Integrity Verification:
  • Always verify checksums and signatures when available.
  • Automated Scans:
  • Integrate SCA tools into CI/CD pipelines.
  • Manual Vetting:
  • Review the code of new dependencies before adding them.
  • Least Privilege:
  • Avoid running builds as root/admin.
  • Isolation:
  • Use containers or sandboxes for builds.
  • Monitoring:
  • Set alerts for new dependency additions/updates.
  • Education:
  • Train developers on supply chain threats.

3.6 Comprehensive Protection with Rainforest.tech

Rainforest.tech – Your Definitive Defense Against Supply Chain Attacks

  • Native SCA with Reachability Intelligence
    We don’t just detect known vulnerabilities in your npm/PyPI dependencies — we determine whether vulnerable code is actually reachable in your application. This can reduce alert volume by up to 80%, allowing your team to focus on what truly matters.
  • Real-Time Detection of Malicious Packages
    Our threat intelligence continuously monitors npm, PyPI, and other registries for new malicious packages. When campaigns like those described in this bulletin emerge, customers are immediately alerted if they are exposed.
  • Behavioral Analysis and Advanced Heuristics
    We detect suspicious patterns such as:
  • Obfuscated code in dependencies
  • Undocumented network calls
  • Execution of suspicious system commands
  • Typosquatting and dependency confusion
  • Automatic, End-to-End SBOM
    We generate a complete Software Bill of Materials (SBOM) for all your applications, including deep transitive dependencies. When a compromised package is discovered (e.g., chalk, debug), you instantly know which applications are affected.
  • Automated Guardrails in CI/CD
    Block builds that introduce:
  • Packages with vulnerabilities above your defined threshold
  • Packages from untrusted or newly created publishers
  • Dependencies with malicious behavior patterns
  • Typosquatting variants of popular packages
  • Cross-Ecosystem Visibility
    Unified coverage for npm, PyPI, Maven, NuGet, RubyGems, and more. Threat actors move across ecosystems — our platform follows.
  • Risk-Based Contextual Prioritization
    We consider:
  • Where the application runs (production vs. dev)
  • External exposure (internet-facing?)
  • Asset criticality (sensitive data?)
  • Exploitability (PoC available? Active exploitation?)
  • Reachability of vulnerable code
  • Integration with Existing Tools
    Jira, ServiceNow, Slack, Teams, PagerDuty — automate remediation workflows and keep all stakeholders aligned.

With Rainforest.tech, you’re not just detecting vulnerabilities — you’re proactively preventing threats from entering your software supply chain.


CONCLUSION AND FINAL RECOMMENDATIONS

The threat landscape described in this bulletin represents a dangerous convergence of software supply chain attack vectors:

  • React2Shell shows how deserialization vulnerabilities can have massive impact in widely adopted frameworks.
  • Malicious VSCode extensions prove that even developer tools have become attack vectors.
  • Attacks on npm/PyPI reveal growing sophistication and cross-ecosystem coordination among threat actors.

Strategic Priorities

  1. Total Visibility
    You cannot protect what you cannot see. Implementing comprehensive ASPM (Application Security Posture Management) is critical.
  2. Intelligent Prioritization
    With thousands of vulnerabilities reported, prioritizing based on real context (not just CVSS) is essential for efficiency.
  3. Shift Left with Guardrails
    Blocking vulnerabilities and malicious packages before they reach production is 10x more efficient than post-deployment remediation.
  4. Rapid Response
    When threats like React2Shell emerge, every hour matters. Having the ability to identify exposure and remediate within minutes can be the difference between a contained incident and a massive breach.

Rainforest.tech was built specifically to face these challenges. Our unified platform delivers the visibility, intelligence, and automation you need to protect your software supply chain in a constantly evolving threat landscape.

rainforest.news

Your dose of cyber content by Rainforest.
We do the hard work reading and filtering the best content so you don’t have to.