Cyber attackers exploit the Follina security vulnerability to deliver Rozena malware
A fraud campaign has been exploiting the newly disclosed Follina security vulnerability to distribute a private backdoor named Rozena on Windows systems.
Rozena is backdoor malware that can open a remote shell connection back to the attacker's machine. Its basic function is to inject shellcode into the system. Afterwards, it launches a reverse shell to the attacker's host, which allows the attacker to take control of the targeted system. The attackers can then obtain all information from the target system while maintaining a backdoor into it.
The Follina security vulnerability is exploited by distributing the malware through malicious Word documents. The Word documents are distributed through emails that contain a password-protected ZIP as an attachment, an HTML file, and a download link in the body of the email. Various malware such as Emotet, QBot, IcedID, and Bumblebee is then installed on the victim's device.