Several malware families are being distributed through the recently discovered Windows vulnerability known as Follina and tracked as CVE-2022-30190, which is still unpatched.
The vulnerability in the Microsoft Support Diagnostic Tool (MSDT) can be exploited for remote code execution using specially prepared documents. Although the main cause of the security flaw has been known for at least a couple of years, Microsoft appears to have mostly disregarded the problem until now.
This week, Proofpoint disclosed that a prominent cybercrime group known as TA570 leveraged CVE-2022-30190 to deploy Qbot, also known as Qakbot and Pinkslipbot, a commonly used information stealer. Several cybercriminal organizations have used the malware to gain initial access to compromised networks.