A sophisticated Remote Access Trojan (RAT) dubbed “RomCom” has emerged as a significant threat targeting UK organizations through their customer feedback portals. Cybersecurity experts have identified a coordinated campaign exploiting these seemingly innocuous feedback mechanisms to deliver the malware, which grants attackers comprehensive remote control over infected systems. The malware’s name “RomCom” derives from its dual-component structure, with a “romantic” initial lure via personalized customer feedback that subsequently “communicates” with command servers once installed.

The threat actors behind RomCom have demonstrated advanced social engineering skills by crafting convincing feedback submissions that contain embedded malicious code. The infection process begins when an organization’s customer service representative opens a specially crafted feedback submission containing obfuscated JavaScript. When customer service representatives open these submissions, the malware exploits vulnerabilities in feedback processing applications to establish persistence. The STIX graph shows the complete infection sequence from initial feedback submission to full system compromise.

Initial analysis indicates that over 30 organizations have been compromised, with attackers gaining access to sensitive customer data and internal network resources. What distinguishes this campaign is its specialized focus on feedback portals, an attack vector previously underutilized in sophisticated attacks.

Cybersecurity experts recommend organizations implement strict input validation on customer feedback forms, disable JavaScript processing in feedback management systems, and employ application allowlisting to prevent unauthorized code execution.
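The input-validation recommendation above can be sketched as a server-side check that quarantines feedback carrying active content and escapes everything before staff view it. This is an added example, not code from the article or from any vendor; the field names, length limits and patterns are assumptions chosen for illustration and are not RomCom indicators.

```python
import html
import re
import unicodedata

# Assumed form schema: hypothetical field names and length limits, not from the article.
ALLOWED_FIELDS = {"name": 80, "email": 254, "message": 2000}

# Markers of active content that a plain-text feedback field never needs.
ACTIVE_CONTENT = re.compile(
    r"<\s*/?\s*(script|iframe|object|embed|svg|img|link|meta)\b"
    r"|\bjavascript\s*:|\bdata\s*:\s*text/html"
    r"|\bon[a-z]+\s*=|\beval\s*\(|\bfromCharCode\b|\batob\s*\(",
    re.IGNORECASE,
)
# Long unbroken encoded runs are unusual in prose and typical of obfuscated payloads.
ENCODED_RUN = re.compile(
    r"[A-Za-z0-9+/=]{120,}|(?:\\x[0-9a-fA-F]{2}){8,}|(?:%[0-9a-fA-F]{2}){8,}"
)


def validate_feedback(form: dict) -> dict:
    """Return {'ok', 'reasons', 'safe'}; 'safe' holds HTML-escaped text for display."""
    reasons, safe = [], {}
    for key in form:
        if key not in ALLOWED_FIELDS:
            reasons.append(f"unexpected field: {key}")
    for key, limit in ALLOWED_FIELDS.items():
        raw = form.get(key, "")
        if not isinstance(raw, str):
            reasons.append(f"{key}: not a string")
            continue
        # Normalise first so full-width or compatibility characters cannot hide markup.
        text = unicodedata.normalize("NFKC", raw)
        if len(text) > limit:
            reasons.append(f"{key}: longer than {limit} characters")
        if any(unicodedata.category(c) in ("Cc", "Cf") and c not in "\r\n\t" for c in text):
            reasons.append(f"{key}: control or invisible format characters")
        if ACTIVE_CONTENT.search(text):
            reasons.append(f"{key}: active-content marker")
        if ENCODED_RUN.search(text):
            reasons.append(f"{key}: long encoded run")
        # Escaping on output keeps even a missed payload inert in the review console.
        safe[key] = html.escape(text, quote=True)
    return {"ok": not reasons, "reasons": reasons, "safe": safe}
```

Submissions with `ok` set to `False` belong in a quarantine queue rather than the normal review view, and the console should render only the `safe` values as text.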
“The sophistication of this campaign suggests a well-resourced threat actor with potential nation-state backing,” noted Seqrite’s lead researcher Dr.
This Cyber News was published on cybersecuritynews.com. Publication date: Mon, 05 May 2025 15:25:10 +0000