Rozena Backdoor Deployed by Abusing the Follina Vulnerability

 

A newly discovered phishing campaign is exploiting the Follina security vulnerability to deploy a private backdoor, named Rozena on the Windows systems. 

“Rozena is a backdoor malware that is capable of injecting a remote shell connection back to the attacker’s machine,” Cara Lin, a researcher at Fortinet FortiGuard Labs stated in a report published this week. 

Tracked as CVE-2022-30190, the security bug is related to the Microsoft Support Diagnostic Tool (MSDT) that impacts Windows 7, Windows 8.1, Windows 10, Windows 11, Windows Server 2008, Windows Server 2012, Windows Server 2016, Windows Server 2019, and Windows Server 2022. The vulnerability came to light in late May 2022 but the root cause of the flaw has been known for at least a couple of years. 

The latest attack chain is a weaponized Office document that, when opened, links to a Discord CDN URL to retrieve an HTML file (“index.htm”) that, in turn, triggers the diagnostic utility employing a PowerShell command to download next-stage payloads from the same CDN attachment space. 
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents

Read the original article: