Hackers Exploiting Follina Bug to Deploy Rozena Backdoor

[[correlate]]

Content source

https://thehackernews.com/2022/07/hackers-exploiting-follina-bug-to.html

A newly observed phishing campaign is leveraging the recently disclosed Follina security vulnerability to distribute a previously undocumented backdoor on Windows systems.

"Rozena is a backdoor malware that is capable of injecting a remote shell connection back to the attacker's machine," Fortinet FortiGuard Labs researcher Cara Lin said in a report this week.

Hackers Exploiting Follina Bug to Deploy Rozena Backdoor

Hackers exploit the Follina vulnerability to infect Windows systems with the Rozena backdoor.

thehackernews.com

 

[Andy Ful]

Although the vulnerability was patched several weeks ago via standard Windows updates, there are still many unpatched machines. The attackers use several well-known delivery methods:

While attacks spotted in early April prominently featured Excel files with XLM macros, Microsoft's decision to block macros by default around the same time is said to have forced the threat actors to pivot to alternative methods like HTML smuggling as well as .LNK and .ISO files.