RomCom RAT Attacking UK Organizations Via Customer Feedback Portals

Cybersecurity experts recommend organizations implement strict input validation on customer feedback forms, disable JavaScript processing in feedback management systems, and employ application allowlisting to prevent unauthorized code execution. A sophisticated Remote Access Trojan (RAT) dubbed “RomCom” has emerged as a significant threat targeting UK organizations through their customer feedback portals. The malware’s name “RomCom” derives from its dual-component structure, with a “romantic” initial lure via personalized customer feedback that subsequently “communicates” with command servers once installed. Cybersecurity experts have identified a coordinated campaign exploiting these seemingly innocuous feedback mechanisms to deliver the malware, which grants attackers comprehensive remote control over infected systems. When customer service representatives open these submissions, the malware exploits vulnerabilities in feedback processing applications to establish persistence. The infection process begins when an organization’s customer service representative opens a specially crafted feedback submission containing obfuscated JavaScript. The threat actors behind RomCom have demonstrated advanced social engineering skills by crafting convincing feedback submissions that contain embedded malicious code. Initial analysis indicates that over 30 organizations have been compromised, with attackers gaining access to sensitive customer data and internal network resources. What distinguishes this campaign is its specialized focus on feedback portals, an attack vector previously underutilized in sophisticated attacks. The STIX graph shows the complete infection sequence from initial feedback submission to full system compromise. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news. “The sophistication of this campaign suggests a well-resourced threat actor with potential nation-state backing,” noted Seqrite’s lead researcher Dr.

This Cyber News was published on cybersecuritynews.com. Publication date: Mon, 05 May 2025 15:25:10 +0000


Cyber News related to RomCom RAT Attacking UK Organizations Via Customer Feedback Portals

RomCom RAT Attacking UK Organizations Via Customer Feedback Portals - Cybersecurity experts recommend organizations implement strict input validation on customer feedback forms, disable JavaScript processing in feedback management systems, and employ application allowlisting to prevent unauthorized code execution. A ...
5 hours ago Cybersecuritynews.com
The Persistent Danger of Remcos RAT - From initial infection to persistent control, the Remcos RAT campaign exemplifies the evolving nature of cyber threats and the need for proactive defense measures. This ecosystem is supported by a diverse array of servers that function as command and ...
1 year ago Cyberdefensemagazine.com
Digital Battlefield: Syrian Threat Group's Sinister SilverRAT Emerges - Cyfirma claims that the developers maintain a sophisticated and active presence on multiple hacker forums and social media platforms, as outlined by the cybersecurity company. Besides operating a Telegram channel offering leaked databases, carding ...
1 year ago Cysecurity.news
Nebulous Mantis Hackers Actively Deploying RomCom RAT to Attack Organizations Worldwide - The campaign employs deceptive spear-phishing tactics coupled with multi-stage malware deployment to establish persistent access to victim networks, exfiltrate sensitive data, and potentially enable lateral movement within compromised ...
3 days ago Cybersecuritynews.com
Adobe Real-Time CDP: Personalized Customer Experience - Adobe Experience Cloud Products like Adobe Real-Time CDP are available to assist. A revolutionary solution called Adobe Real-Time Customer Data Platform was created to assist companies in realizing the whole value of their customer data. Adobe ...
1 year ago Hackread.com
Review: Top 5 For Outsourced Customer Service Solutions UK and Abroad - For companies that have too many phone calls and emails to keep up, it is very common to outsource your customer services, either domestically in the UK or abroad to the likes of India or The Philippines. An outsourced customer service firm can ...
10 months ago Itsecurityguru.org
Krasue RAT Uses Cross-Kernel Linux Rootkit to Attack Telecoms - Attackers likely tied the creators of the XorDdos Linux remote access Trojan have been wielding a separate Linux RAT for nearly two years without detection, using it to target organizations in Thailand and maintain malicious access to infected ...
1 year ago Darkreading.com
E-commerce Security: Protecting Customer Data - In today's digital landscape, ensuring the security of customer data in e-commerce is a crucial concern for businesses. Protecting e-commerce data security is a complex task that requires a comprehensive understanding of the challenges faced by ...
1 year ago Securityzap.com
SideCopy Exploiting WinRAR Flaw in Attacks Targeting Indian Government Entities - The Pakistan-linked threat actor known as SideCopy has been observed leveraging the recent WinRAR security vulnerability in its attacks targeting Indian government entities to deliver various remote access trojans such as AllaKore RAT, Ares RAT, and ...
1 year ago Thehackernews.com CVE-2023-38831 APT3 SideCopy Transparent Tribe
The Rise of Digital Customer Experience - Digital customer experience is a hot topic these days. In all seriousness, digital customer experience is one of the most important differentiators for your business. At its core, DCX is about the customer journey-a guided path for your customers to ...
1 year ago Feedpress.me
A New, Spookier Gh0st RAT Malware Haunts Global Cyber Targets - A new variant of the infamous "Gh0st RAT" malware has been identified in recent attacks targeting South Koreans and the Ministry of Foreign Affairs in Uzbekistan. The Chinese group "C.Rufus Security Team" first released Gh0st RAT on the open Web in ...
1 year ago Darkreading.com
FBI Shuts Down Warzone RAT; Cybercriminals Arrested - In a major victory against cybercrime, the FBI has successfully taken down the Warzone RAT malware operation. This operation led to the arrest of two individuals involved in the illicit activities. One of the suspects, 27-year-old Daniel Meli from ...
1 year ago Cysecurity.news
Chinese hackers target Russian govt with upgraded RAT malware - Security researchers at Kaspersky's Global Research and Analysis Team (GReAT) spotted the updated implant while investigating recent attacks where the attackers deployed the RAT malware using a malicious MMC script camouflaged as a Word ...
2 weeks ago Bleepingcomputer.com CVE-2021-40449
Hackers Attacking HR Departments with Fake Resumes That Drop More_eggs Malware - Once fully operational, More_eggs collects extensive system information, including OS installation date, antivirus details, username, computer name, OS version, IP address, and more-sending this intelligence back to command-and-control servers for ...
2 hours ago Cybersecuritynews.com
Microsoft: New RAT malware used for crypto theft, reconnaissance - Last but not least, Microsoft says StilachiRAT allows command execution and potential SOCKS-like proxying using commands from a command-and-control (C2) server to the infected devices, which can let the threat actors reboot the compromised system, ...
1 month ago Bleepingcomputer.com
Windows Incident Response: Human Behavior In Digital Forensics, pt II - Targeted Threat ActorI was working a targeted threat actor response, and while we were continuing to collect information for scoping, so we could move to containment, we found that on one day, from one endpoint, the threat actor pushed their RAT ...
1 year ago Windowsir.blogspot.com
FBI seizes Warzone RAT infrastructure, arrests malware vendor - The FBI dismantled the Warzone RAT malware operation, seizing infrastructure and arresting two individuals associated with the cybercrime operation. Daniel Meli, 27, a resident of Malta, was arrested last week for his role in the proliferation of ...
1 year ago Bleepingcomputer.com
'PhantomBlu' Cyberattackers Backdoor Microsoft Office Users via OLE - A malicious email campaign is targeting hundreds of Microsoft Office users in US-based organizations to deliver a remote access trojan that evades detection, partially by showing up as legitimate software. Threat actors previously have used the RAT ...
1 year ago Darkreading.com
NEPTUNE RAT Attacking Windows Users to Exfiltrate Passwords from 270+ Apps - Security experts recommend users maintain updated antivirus software, implement application whitelisting, disable PowerShell execution for standard users, and be vigilant about suspicious links or commands. As Neptune RAT continues to evolve with new ...
4 weeks ago Cybersecuritynews.com
SugarGh0st RAT Delivered via Malicious Windows & JavaScript - RATs allow threat actors to execute the following malicious actions while remaining hidden from the victim:-. Recently, cybersecurity researchers at Cisco Talos discovered a malicious campaign that was found to be delivering a new RAT that's been ...
1 year ago Cybersecuritynews.com
Lifehacks for Analyzing Orcus Rat Data in 2023 - As the world of data becomes an increasingly integral part of our lives, it is important to understand how to analyze data from the Orcus Rat. This is because it can provide an even greater understanding of the trends in the market and how companies ...
2 years ago Thehackernews.com
Gh0st rat - Gh0st RAT is a Trojan horse for the Windows platform. The “RAT” part of the name refers to the software’s ability to operate as a "Remote Administration Tool". It is a cyber spying computer program used to control infected Windows computers ...
1 year ago
Silver RAT Evades Anti-viruses to Hack Windows Machines - Hackers use Remote Access Trojans to gain unauthorized access and control over a victim's computer remotely. These malicious tools allow hackers to perform various malicious activities like the following without the user's knowledge:-. Recently, ...
1 year ago Cybersecuritynews.com
Customer Success Stories - Below is a short summary of all the new 2023 financial services customer success stories. Also at Cisco conferences and events we often have customers present but unfortunately most of the time these presentations are not turned into formal customer ...
1 year ago Feedpress.me
Optimizing Cybersecurity: How Hackers Use Golang Source Code Interpreter to Evade Detection - Hackers have been upping the stakes when it comes to executing cyberattacks, and an increasingly popular tool in their arsenal is the Golang source code interpreter. Reportedly, the interpreter is used to obfuscate code, thus making it harder for ...
2 years ago Bleepingcomputer.com

Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)