RomCom Leveraging Zero-Day Firefox and Windows Vulnerabilities in Advanced Cyberattacks



The Russia-aligned threat actor known as RomCom has been observed chaining two security flaws, one in Mozilla Firefox and one in Microsoft Windows, to deploy its backdoor on victims' machines. The attack is notable because it requires no user interaction beyond visiting a web page: there is nothing to click, which makes it a zero-click exploit.

ESET described the campaign in a report shared with The Hacker News. According to the company, a victim running a vulnerable version of Firefox only has to load a web page the attackers control; the page triggers the exploit and the backdoor is installed without any further action on the victim's part.

The two vulnerabilities used in the chain are:
- CVE-2024-9680 (CVSS score: 9.8), a use-after-free bug in Firefox's Animation component that allows code execution in the browser's content process.
- CVE-2024-49039 (CVSS score: 8.8), a privilege escalation flaw in Windows Task Scheduler that lets the attackers run code with higher privileges than the browser sandbox allows.

RomCom has been active in both cybercrime and espionage operations since around 2022. Its signature malware, RomCom RAT, is a remote access trojan that executes commands from its operators and can be extended with additional capabilities after installation.

The infection chain starts at a fake website, economistjournal[.]cloud, which redirects visitors to a second server, redjournal[.]cloud, that hosts the exploit code. When a user with a vulnerable version of Firefox lands on the fake site, the redirect and the exploit run automatically.
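A defender who has web-proxy logs can look for exactly this redirect chain. The following is an added example, not code from ESET or from the original article: it parses constructed proxy log lines (the log format, timestamps, client addresses and user agents are all assumptions made for the example), groups hits on the two domains named above by client, and raises a high-severity finding when a client visited the fake site and then the exploit server within a short window while running Firefox. A visit to either domain alone is still reported, at lower severity, because it may indicate an attempted or partially blocked infection.

```python
import re
from datetime import datetime, timedelta
from urllib.parse import urlparse

# Domains from the ESET report (defanged in the article, refanged here so they match log URLs).
STAGER_DOMAIN = "economistjournal.cloud"   # fake site that starts the chain
EXPLOIT_DOMAIN = "redjournal.cloud"        # server hosting the Firefox exploit

# Constructed sample proxy log: "<timestamp> <client> <method> <url> <status> "<user agent>"".
# These lines are made up for the example and are not real telemetry.
SAMPLE_PROXY_LOG = """\
2024-10-08T09:12:01Z 10.0.4.17 GET https://www.example.org/ 200 "Mozilla/5.0 (Windows NT 10.0; rv:128.0) Gecko/20100101 Firefox/128.0"
2024-10-08T09:12:44Z 10.0.4.17 GET https://economistjournal.cloud/ 302 "Mozilla/5.0 (Windows NT 10.0; rv:128.0) Gecko/20100101 Firefox/128.0"
2024-10-08T09:12:45Z 10.0.4.17 GET https://redjournal.cloud/ 200 "Mozilla/5.0 (Windows NT 10.0; rv:128.0) Gecko/20100101 Firefox/128.0"
2024-10-08T09:30:10Z 10.0.4.22 GET https://economistjournal.cloud/about 200 "Mozilla/5.0 (Windows NT 10.0) Chrome/129.0"
2024-10-08T10:02:03Z 10.0.4.31 GET https://news.example.net/ 200 "Mozilla/5.0 (X11; Linux x86_64; rv:131.0) Gecko/20100101 Firefox/131.0"
"""

LINE_RE = re.compile(r'^(\S+) (\S+) (\S+) (\S+) (\d{3}) "([^"]*)"$')
FIREFOX_RE = re.compile(r"Firefox/(\d+)")


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match the assumed format."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts, client, _method, url, status, ua = m.groups()
    return {
        "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
        "client": client,
        "host": urlparse(url).hostname or "",
        "status": int(status),
        "ua": ua,
    }


def is_firefox(ua):
    """True if the user agent identifies as Firefox (the only browser the exploit targets)."""
    return FIREFOX_RE.search(ua) is not None


def analyze_proxy_log(text, window=timedelta(minutes=5)):
    """Return one finding per client that touched either domain, rated by how complete the chain was."""
    by_client = {}
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["host"] not in (STAGER_DOMAIN, EXPLOIT_DOMAIN):
            continue
        by_client.setdefault(rec["client"], []).append(rec)

    findings = []
    for client, recs in by_client.items():
        recs.sort(key=lambda r: r["ts"])
        stager_hits = [r for r in recs if r["host"] == STAGER_DOMAIN]
        exploit_hits = [r for r in recs if r["host"] == EXPLOIT_DOMAIN]
        # Full chain: the fake site was followed by the exploit server within the window.
        chain = any(
            timedelta(0) <= (e["ts"] - s["ts"]) <= window
            for s in stager_hits
            for e in exploit_hits
        )
        firefox = any(is_firefox(r["ua"]) for r in recs)
        if chain:
            kind = "redirect_chain"
        elif exploit_hits:
            kind = "exploit_server_contact"
        else:
            kind = "stager_contact"
        # Only Firefox is exposed to CVE-2024-9680, so a Firefox client completing the chain is the urgent case.
        severity = "high" if (chain and firefox) else "medium"
        findings.append({
            "client": client,
            "finding": kind,
            "firefox": firefox,
            "severity": severity,
            "first_seen": recs[0]["ts"].isoformat(),
        })
    return findings


if __name__ == "__main__":
    for f in analyze_proxy_log(SAMPLE_PROXY_LOG):
        print(f)
```

Run against the sample, the script reports the Firefox client 10.0.4.17 as a high-severity redirect chain and the Chrome client 10.0.4.22 as a medium-severity contact with the fake site; the client that never touched either domain produces no finding. In practice the window and severity rules would be tuned to the proxy's log format and the organisation's browser fleet.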

The exploit itself is delivered in two stages. The first stage retrieves the second stage into memory and abuses the Firefox vulnerability to gain code execution inside the browser's content process. The second stage then uses the open-source Shellcode Reflective DLL Injection technique to load the payload outside the browser's sandbox.

Combined with the Windows Task Scheduler flaw, this lets the attackers escape the sandbox and install RomCom RAT without any visible sign to the user. According to ESET, most of the victims were located in Europe and North America.

This is not the first time the group has relied on a zero-day: in June 2023 it exploited a previously unknown flaw in Microsoft Word. Chaining two zero-days in a single attack reflects the group's growing sophistication and its focus on staying undetected.

Both vulnerabilities have since been patched, so the most effective defence is to keep Firefox and Windows up to date and to apply security updates promptly.