
Follina to Rozena - Leveraging Discord to Distribute a Backdoor

  • 11 July 2022
  • Community Manager

In May 2022, Microsoft published an advisory about CVE-2022-30190, a remote code execution vulnerability in the Microsoft Windows Support Diagnostic Tool (MSDT).
Attackers can inject a malicious external link into an OLE object in a Microsoft Office document, then lure victims into clicking or simply previewing the document to trigger the exploit.
The exploit then executes a payload on the victim's machine.

During tracking last month, Forti found a document that exploited CVE-2022-30190 (aka Follina) and then downloaded Rozena, deploying a fileless attack that leverages the public Discord CDN attachment service.
Rozena is backdoor malware that is capable of injecting a remote shell connection back to the attacker's machine.
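
A defender-side check for the external OLE link described in the first paragraph, as an added example that is not part of the original post: it lists OLE object relationships in an Office Open XML file that point outside the package. The function names and both sample documents are constructed for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

# Namespace of OPC relationship parts (*.rels) inside .docx/.xlsx/.pptx files.
REL_NS = "{http://schemas.openxmlformats.org/package/2006/relationships}"
OLE_TYPE_SUFFIX = "/oleObject"


def external_ole_links(docx_bytes):
    """Return (part, target) for every OLE relationship with TargetMode="External"."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        for name in zf.namelist():
            if not name.endswith(".rels"):
                continue
            # For bulk triage of untrusted files, a hardened XML parser
            # (e.g. defusedxml) is a safer drop-in than ElementTree.
            root = ET.fromstring(zf.read(name))
            for rel in root.iter(REL_NS + "Relationship"):
                is_ole = rel.get("Type", "").endswith(OLE_TYPE_SUFFIX)
                is_external = rel.get("TargetMode", "").lower() == "external"
                if is_ole and is_external:
                    findings.append((name, rel.get("Target", "")))
    return findings


def build_sample(rel_attrs):
    """Constructed sample: a minimal ZIP holding only one relationships part."""
    rels = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
        '<Relationship Id="rId1" Type="http://schemas.openxmlformats.org/'
        'officeDocument/2006/relationships/oleObject" ' + rel_attrs + '/>'
        '</Relationships>'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/_rels/document.xml.rels", rels)
    return buf.getvalue()


# Constructed inputs: one OLE object linked to a remote URL, one embedded locally.
SUSPICIOUS = build_sample('Target="https://files.example.invalid/index.html" TargetMode="External"')
BENIGN = build_sample('Target="embeddings/oleObject1.bin"')

if __name__ == "__main__":
    for label, data in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(label, external_ole_links(data))
```

A hit is a triage signal rather than a verdict: legitimate documents can also link to external OLE content, so the reported target still needs review.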

