According to ESET’s analysis, a newly discovered backdoor enables attackers to execute malicious code and load additional modules onto an unsuspecting victim’s device.
Researchers at ESET have discovered two previously unknown vulnerabilities affecting various Mozilla products and Windows systems, both of which are currently being actively exploited by the Russia-aligned group RomCom.
- A use-after-free vulnerability in Firefox, Thunderbird, and the Tor Browser allows attackers to execute code within the browser’s restricted (sandboxed) context on vulnerable versions of these applications. The Mozilla development team addressed the issue quickly, releasing a patch on October 9th, 2024.
- A privilege escalation vulnerability in Windows allows malicious code to execute outside the Firefox sandbox. Microsoft released a patch for this second vulnerability on November 12th, 2024.
Chaining the two vulnerabilities lets an attacker execute arbitrary code in the context of the logged-in user without requiring any user interaction, all disguised as a seemingly innocuous . Notably, ESET identified several campaigns that culminated in the installation of RomCom’s self-titled backdoor on victims’ machines. The backdoor can execute commands and download additional modules onto the victim’s machine.
A compromise chain typically consists of a sequence of malicious activities: initial access, lateral movement, privilege escalation, command-and-control (C2) communication, data exfiltration, and persistence mechanisms. Exploit chains often involve multiple vulnerabilities that can be exploited in varying orders to achieve the attacker’s objectives. Watch the video featuring ESET’s Chief Security Evangelist for the findings, and take the time to read the accompanying report as well.