
Hackers Exploiting Follina Bug to Deploy Rozena Backdoor
2022-07-11 20:25

A newly observed phishing campaign is leveraging the recently disclosed Follina security vulnerability (CVE-2022-30190, a remote code execution flaw in the Microsoft Support Diagnostic Tool) to distribute a previously undocumented backdoor on Windows systems.

"Rozena is a backdoor malware that is capable of injecting a remote shell connection back to the attacker's machine," Fortinet FortiGuard Labs researcher Cara Lin said in a report this week.

The malware's core function is to inject shellcode that launches a reverse shell to the attacker's host. That gives the attacker control of the compromised system, which they can use to monitor it and capture information while retaining backdoor access to it.
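
Follina's trigger is publicly documented: the malicious document causes Word to invoke the ms-msdt: protocol handler, which starts msdt.exe, and the reverse shell that follows shows up as an outbound connection from a process in that chain. The script below is an added example for detecting that pattern in process-creation and network-connection telemetry; it is not code from the article or from FortiGuard Labs, and nothing in it is tied to the Rozena sample itself. The log records are constructed to mimic Sysmon Event ID 1 and Event ID 3 fields and are not real telemetry; the post-msdt.exe process names (sdiagnhost.exe, powershell.exe), the GUIDs, paths and the 198.51.100.23 / 192.0.2.10 addresses are assumptions for illustration, and the exploit parameter string is redacted.

```python
"""Added example: flag a Follina-style process chain and its follow-on
reverse-shell connection in constructed Sysmon-like telemetry."""
import re
from typing import Dict, Iterable, List

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe",
                "mshta.exe", "rundll32.exe"}
MSDT_URI = re.compile(r"ms-msdt:", re.IGNORECASE)


def image_name(path: str) -> str:
    """Lower-cased file name of an image path (handles both slash styles)."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def scan(events: Iterable[Dict]) -> List[Dict]:
    """Return one finding per suspicious record, in input order.

    Event ID 1 (process creation) records are matched against the Follina
    trigger (Office app -> msdt.exe, or an ms-msdt: URI on the command line);
    every child of a flagged process inherits the taint, so an assumed chain
    msdt.exe -> sdiagnhost.exe -> powershell.exe is reported as a whole.
    Event ID 3 (network connection) records from a tainted process are
    reported as reverse-shell candidates, the Rozena behaviour the article
    describes. Records must arrive in chronological order for taint to flow.
    """
    tainted: Dict[str, str] = {}   # ProcessGuid -> rule that tainted it
    findings: List[Dict] = []
    for ev in events:
        if ev["EventID"] == 1:
            parent = image_name(ev["ParentImage"])
            child = image_name(ev["Image"])
            cmd = ev.get("CommandLine", "")
            rule = None
            if parent in OFFICE_APPS and child == "msdt.exe":
                rule = "office-spawned-msdt"
            elif MSDT_URI.search(cmd):
                rule = "ms-msdt-uri-on-command-line"
            elif ev["ParentProcessGuid"] in tainted:
                rule = "child-of-suspicious-chain"
            elif parent in OFFICE_APPS and child in SCRIPT_HOSTS:
                rule = "office-spawned-script-host"
            if rule:
                tainted[ev["ProcessGuid"]] = rule
                findings.append({"rule": rule, "severity": "high",
                                 "process_guid": ev["ProcessGuid"],
                                 "detail": f"{parent} -> {child}: {cmd}"})
        elif ev["EventID"] == 3 and ev["ProcessGuid"] in tainted:
            findings.append({"rule": "reverse-shell-candidate", "severity": "critical",
                             "process_guid": ev["ProcessGuid"],
                             "detail": f"{image_name(ev['Image'])} -> "
                                       f"{ev['DestinationIp']}:{ev['DestinationPort']} "
                                       f"(tainted by {tainted[ev['ProcessGuid']]})"})
    return findings


# Constructed records (not real telemetry). Field names follow Sysmon's
# Event ID 1 / Event ID 3 schema; GUIDs, paths and addresses are placeholders.
# The exploit parameter string is deliberately redacted.
SAMPLE_EVENTS = [
    {"EventID": 1, "ProcessGuid": "{A1}", "ParentProcessGuid": "{00}",
     "Image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r'"WINWORD.EXE" /n "C:\Users\alice\Downloads\invoice.docx"'},
    {"EventID": 1, "ProcessGuid": "{A2}", "ParentProcessGuid": "{A1}",
     "Image": r"C:\Windows\System32\msdt.exe",
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "CommandLine": r'"C:\Windows\system32\msdt.exe" ms-msdt:/id PCWDiagnostic /skip force /param "<redacted>"'},
    {"EventID": 1, "ProcessGuid": "{A3}", "ParentProcessGuid": "{A2}",
     "Image": r"C:\Windows\System32\sdiagnhost.exe",
     "ParentImage": r"C:\Windows\System32\msdt.exe",
     "CommandLine": "sdiagnhost.exe -Embedding"},
    {"EventID": 1, "ProcessGuid": "{A4}", "ParentProcessGuid": "{A3}",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\System32\sdiagnhost.exe",
     "CommandLine": "powershell.exe -nop -w hidden -c <redacted>"},
    {"EventID": 3, "ProcessGuid": "{A4}",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "DestinationIp": "198.51.100.23", "DestinationPort": 4444},
    # Benign control: a user-launched troubleshooter, msdt.exe under explorer.exe
    {"EventID": 1, "ProcessGuid": "{B1}", "ParentProcessGuid": "{B0}",
     "Image": r"C:\Windows\System32\msdt.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "msdt.exe -id NetworkDiagnosticsWeb"},
    {"EventID": 3, "ProcessGuid": "{B1}",
     "Image": r"C:\Windows\System32\msdt.exe",
     "DestinationIp": "192.0.2.10", "DestinationPort": 443},
]

if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"[{f['severity']}] {f['rule']} {f['process_guid']}: {f['detail']}")
```

Run as a script, it reports the four records of the malicious chain (msdt.exe, its two descendants, and the outbound connection on port 4444) and stays silent on the troubleshooter launched from Explorer, which is the false positive a bare "msdt.exe started" rule would raise. The parent-GUID taint is what ties the network connection back to the document that caused it; in real telemetry it should be keyed on the host as well as the GUID.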

The exploitation of the Follina flaw to distribute malware through malicious Word documents comes as other social engineering campaigns rely on Microsoft Excel files, Windows shortcut (LNK) files, and ISO disk images as droppers to deploy malware such as Emotet, QBot, IcedID, and Bumblebee on victims' devices.

The droppers are said to be distributed through emails that carry the dropper itself or a password-protected ZIP archive as an attachment, an HTML attachment that extracts the dropper when opened, or a download link in the body of the email.

It's worth noting that macros have been a tried-and-tested attack vector for adversaries looking to drop ransomware and other malware on Windows systems, whether through phishing emails or other means.


News URL

https://thehackernews.com/2022/07/hackers-exploiting-follina-bug-to.html