Security News > 2020 > May > Valak Loader Revamped to Rob Microsoft Exchange Servers

Threat actors have revamped a popular malware loader into a stealthy infostealer that targets Microsoft Exchange servers to pilfer enterprise mailing information, passwords and enterprise certificates, researchers have found.

Valak was first observed as a loader in 2019 but has now gone through "a series of dramatic changes, an evolution of over 30 different versions in less than six months," Cybereason Nocturnus researchers Eli Salem, Lior Rochberger and Assaf Dahan said in a report posted online Thursday.

Stealing Microsoft Exchange information can potentially give bad actors access to critical enterprise accounts, which has the downstream effect of causing financial or other damage to organizations, such as loss of customer trust and faith in a company's brand or mission, researchers observed.

The latest version of the malware-which researchers said is version 24-shows attackers abandoning using PowerShell, which also makes Valak less apt to be detected and prevented by modern security products, researchers said.

While the Cybereason team observed Valak being used independently, the malware's dramatic makeover seems to suggest that the threat actor or actors behind the revamped loader aren't acting alone, researchers said.

News URL

https://threatpost.com/valak-loader-microsoft-exchange-servers/156078/