Russian RomCom Hackers Target Firefox And Windows 0-Day Exploits In The Wild

It might seem as if threat actors have been more heavily targeting mobile users lately with malware and exploits, but that doesn’t mean desktop users can drop their guard. Researchers at ESET have discovered a vulnerability in several Mozilla products, which is currently being exploited by a Russian hacking group known as RomCom. This isn’t the first time RomCom has been spotted using such an impactful vulnerability; the group used an exploit found in Microsoft Word last year.

The affected products are Firefox, the Tor Browser, and the Thunderbird e-mail client. The vulnerability allows an attacker to “execute code in the restricted context of the browser.” While this is bad enough, this attack is being chained with another vulnerability found in Windows, which tacks on the ability to run arbitrary code as a logged-in user. RomCom uses these vulnerabilities together to install the eponymous backdoor without any intervention required by the victim.

Thankfully, Mozilla’s security team was quick to address the issues once the ESET researchers presented them with their findings. The team was able to release a fix in 25 hours for all of the affected software, which the researchers pointed to as “being very responsive and highlight their impressive work to release a patch within a day.” The patch was successful, as the researchers were unable to reproduce the exploit on these applications once they were updated.

Firefox, Tor Browser and Thunderbird users should check for and apply any available updates as soon as possible, as the aforementioned vulnerabilities are currently being exploited in the wild. The current RomCom campaign is affecting users located in North America and across Europe.