Valak Loader Revamped to Rob Microsoft Exchange Servers (May 2020)
Threat actors have revamped a popular malware loader into a stealthy infostealer that targets Microsoft Exchange servers to pilfer enterprise mailing information, passwords and enterprise certificates, researchers have found.
Valak was first observed as a loader in 2019 but has now gone through "a series of dramatic changes, an evolution of over 30 different versions in less than six months," Cybereason Nocturnus researchers Eli Salem, Lior Rochberger and Assaf Dahan said in a report posted online Thursday.
Stealing Microsoft Exchange information can potentially give bad actors access to critical enterprise accounts, which has the downstream effect of causing financial or other damage to organizations, such as loss of customer trust and faith in a company's brand or mission, researchers observed.
The latest version of the malware, which researchers said is version 24, shows attackers abandoning PowerShell, a change that also makes Valak less apt to be detected and prevented by modern security products, researchers said.
While the Cybereason team observed Valak being used independently, the malware's dramatic makeover seems to suggest that the threat actor or actors behind the revamped loader aren't acting alone, researchers said.
News URL
https://threatpost.com/valak-loader-microsoft-exchange-servers/156078/