New Microsoft Exchange credential stealing malware could be worse than phishing
Kaspersky has discovered a malicious add-on for Microsoft's Internet Information Services (IIS) web server software that it said is designed to harvest credentials from Outlook Web Access (OWA), the webmail client for Exchange and Office 365.
"While looking for potentially malicious implants that targeted Microsoft Exchange servers, we identified a suspicious binary that had been submitted to a multiscanner service in late 2020," Kaspersky said in its announcement of the discovery.
Owowa is an add-on for IIS, which is itself software built to manage web server services and which Microsoft describes as being made up of more than 30 independent modules.
Owowa is designed to be installed in IIS. Once installed, it looks for evidence that the IIS server it is on is responsible for exposing a business's Exchange OWA portal.
If its raw potential for undetected data theft isn't enough of a reason to watch out for Owowa, consider its raw potential to crash your Exchange or IIS servers as another reason to take the right precautions.
Check all IIS modules on exposed IIS servers regularly - especially if that IIS server deals with Exchange.
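One way to run that check offline, as an added example that is not from Kaspersky or the original article: the script below parses a copy of an IIS configuration file and reports every module entry that is missing from a known-good baseline. The sample configuration, the baseline and the module name `ExampleUnreviewedModule` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample in applicationHost.config layout; all entries are illustrative.
SAMPLE_CONFIG = r"""<configuration>
  <system.webServer>
    <globalModules>
      <add name="HttpCacheModule" image="%windir%\System32\inetsrv\cachhttp.dll" />
    </globalModules>
  </system.webServer>
  <location path="" overrideMode="Allow">
    <system.webServer>
      <modules>
        <add name="HttpCacheModule" lockItem="true" />
        <add name="OutputCache" type="System.Web.Caching.OutputCacheModule" preCondition="managedHandler" />
        <add name="ExampleUnreviewedModule" type="Example.Unreviewed.Module, ExampleAssembly" />
      </modules>
    </system.webServer>
  </location>
</configuration>"""

# Hypothetical baseline of (name, image-or-type) pairs recorded from a known-good build.
BASELINE = {
    ("HttpCacheModule", r"%windir%\System32\inetsrv\cachhttp.dll"),
    ("HttpCacheModule", None),
    ("OutputCache", "System.Web.Caching.OutputCacheModule"),
}

def list_modules(config_xml):
    """Return (scope, kind, name, source) for every module entry in the config."""
    root = ET.fromstring(config_xml)
    # Server-level sections first, then each <location> block (site or application scope).
    scopes = [("<server>", root)]
    scopes += [(loc.get("path") or "<all sites>", loc) for loc in root.iter("location")]
    found = []
    for scope, node in scopes:
        for ws in node.findall("system.webServer"):
            for add in ws.findall("globalModules/add"):
                found.append((scope, "native", add.get("name"), add.get("image")))
            for add in ws.findall("modules/add"):
                # A type attribute marks a managed (.NET) module; without it the entry
                # enables a native module already registered in globalModules.
                kind = "managed" if add.get("type") else "native-ref"
                found.append((scope, kind, add.get("name"), add.get("type")))
    return found

def unapproved(config_xml, baseline):
    """Return module entries whose (name, source) pair is not in the baseline."""
    return [m for m in list_modules(config_xml) if (m[2], m[3]) not in baseline]

if __name__ == "__main__":
    for scope, kind, name, source in unapproved(SAMPLE_CONFIG, BASELINE):
        print(f"REVIEW {kind} module {name!r} at scope {scope}: {source}")
```

Because the baseline pairs each name with its image or type, an entry that reuses a trusted name with a different binary or class is reported as well. The same functions accept a site's `web.config`, which can also add modules.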