Russian RomCom Hackers Target Firefox And Windows 0-Day Exploits In The Wild
The affected products are Firefox, the Tor Browser, and the Thunderbird e-mail client. The vulnerability allows an attacker to “execute code in the restricted context of the browser.” While this is bad enough, this attack is being chained with another vulnerability found in Windows, which tacks on the ability to run arbitrary code as a logged-in user. RomCom uses these vulnerabilities together to install the eponymous backdoor without any intervention required by the victim.
Thankfully, Mozilla’s security team was quick to address the issues once the ESET researchers presented them with their findings. The team was able to release a fix in 25 hours for all of the affected software, which the researchers pointed to as “being very responsive and highlight their impressive work to release a patch within a day.” The patch was successful, as the researchers were unable to reproduce the exploit on these applications once they were updated.
Firefox, Tor Browser and Thunderbird users should check for and apply any available updates as soon as possible, as the aforementioned vulnerabilities are currently being exploited in the wild, with the current RomCom campaign affecting users located in North America and across Europe.