Research published by ESET shows that the Russia-aligned APT group known as RomCom chained two zero-day vulnerabilities, one in Firefox and one in Windows, to install its backdoor on victims' machines. Anyone running an unpatched build of either product was exposed.
The first vulnerability, CVE-2024-9680, is a use-after-free bug in Firefox's animation timeline code. The browser continues to use a block of memory after it has been freed, and an attacker who controls what is placed in that memory can turn the dangling reference into arbitrary code execution inside the browser's content process. ESET reported the flaw to Mozilla on October 8, and Mozilla shipped a fix the following day.
ESET researchers also uncovered a second zero-day, CVE-2024-49039, a privilege escalation vulnerability in the Windows Task Scheduler service. On its own it lets code already running at low privilege, such as inside a browser sandbox, break out and run with the rights of the logged-on user; it does not give remote code execution by itself. Chained with the Firefox bug, it let RomCom escape Firefox's sandbox and install its backdoor on the targeted devices. Microsoft fixed it in the November 2024 Patch Tuesday update.
RomCom's delivery method was a fake website that redirected the browser to a server hosting the exploit. When a vulnerable Firefox loaded that page, the exploit chain ran without any further interaction: shellcode executed in the browser, escaped the sandbox, and downloaded and ran the backdoor. This is why ESET classifies it as a "zero-click" attack: simply visiting the page was enough, with no download, prompt or click required.
ESET has not disclosed the exact number of victims, but its telemetry places most of the targets in Europe and North America, with the activity running from October 10 to November 4. Patches for both vulnerabilities are available. Firefox, Thunderbird and Tor Browser share the vulnerable code and all received fixed builds, and Windows was fixed in the November update. The practical step is to confirm that every installation is on a fixed build, keeping in mind that the ESR branches of Firefox and Thunderbird were fixed at their own version numbers, so a build cannot simply be compared against the current release number.
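The branch-aware version check described above, as an added example that is not part of the original article or of ESET's or Mozilla's tooling. The fixed-version table is taken from Mozilla's advisory for CVE-2024-9680 and the Tor Project's release notes (Firefox 131.0.2, ESR 128.3.1, ESR 115.16.1; Thunderbird 131.0.1, 128.3.1, 115.16.0; Tor Browser 13.5.7) and should be checked against those sources before use; the host inventory is constructed sample data, and the host names are invented. The script generalizes the point in the text: a release branch is compared only against the fix for that branch, later branches are treated as fixed, and end-of-life branches that never received a fix are flagged.

```python
# Added example: flag Mozilla-based browser and mail installs that predate the
# fix for CVE-2024-9680. Fixed-version numbers are copied from Mozilla's
# advisory and Tor Project release notes (assumption: verify before relying on
# them). Inventory data below is constructed, not real telemetry.

# Minimum fixed build per product and release branch (keyed by major version).
FIXED = {
    "firefox": {131: (131, 0, 2), 128: (128, 3, 1), 115: (115, 16, 1)},
    "thunderbird": {131: (131, 0, 1), 128: (128, 3, 1), 115: (115, 16, 0)},
    "tor-browser": {13: (13, 5, 7)},
}


def parse_version(text):
    """Turn a version string such as '128.3.1esr' into a (major, minor, patch)
    tuple. Non-numeric suffixes like 'esr' or 'b3' are dropped from a component;
    missing components default to 0."""
    parts = []
    for piece in text.strip().split("."):
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        if not digits:
            raise ValueError(f"unparseable version component {piece!r} in {text!r}")
        parts.append(int(digits))
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3])


def is_vulnerable(product, version_text):
    """True if this build predates the CVE-2024-9680 fix for its own branch.

    - A major version newer than any branch in the table already carries the fix.
    - A major version with an entry is compared against that branch's fix, so
      ESR 128.3.1 is correctly reported as fixed even though it is below 131.0.2.
    - Any other major version is an end-of-life branch that never received the
      fix (for example Firefox 130.x), so it is reported as vulnerable.
    """
    fixes = FIXED[product.lower()]
    version = parse_version(version_text)
    major = version[0]
    if major > max(fixes):
        return False
    if major in fixes:
        return version < fixes[major]
    return True


# Constructed sample inventory: (host, product, reported version).
INVENTORY = [
    ("ws-01", "firefox", "131.0.2"),       # fixed release build
    ("ws-02", "firefox", "128.3.0esr"),    # ESR one build short of the fix
    ("ws-03", "firefox", "128.3.1esr"),    # fixed ESR, although numerically < 131.0.2
    ("ws-04", "firefox", "130.0"),         # end-of-life branch, never fixed
    ("ws-05", "thunderbird", "115.16.0"),  # fixed Thunderbird ESR
    ("ws-06", "tor-browser", "13.5.6"),    # predates Tor Browser 13.5.7
]


def triage(inventory):
    """Return the inventory rows whose build is still vulnerable."""
    return [row for row in inventory if is_vulnerable(row[1], row[2])]


if __name__ == "__main__":
    for host, product, version in triage(INVENTORY):
        print(f"{host}: {product} {version} predates the CVE-2024-9680 fix")
```

A naive check of the form "version >= 131.0.2" would both miss the end-of-life 130.x build and wrongly flag the patched 128.3.1 ESR install, which is the mistake the branch table avoids.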