Security News > 2021 > December > New Microsoft Exchange credential stealing malware could be worse than phishing

Kaspersky has discovered a malicious add-on for Microsoft's Internet Information Service web server software that it said is designed to harvest credentials from Outlook Web Access, the webmail client for Exchange and Office 365.
"While looking for potentially malicious implants that targeted Microsoft Exchange servers, we identified a suspicious binary that had been submitted to a multiscanner service in late 2020," Kaspersky said in its announcement of the discovery.
Owowa is an add-on for IIS, which is itself software built to manage web server services that Microsoft describes as being made up of more than 30 independent modules.
Owowa is designed to get installed in IIS, and once installed looks for evidence that the IIS server it's on is responsible for exposing a business's Exchange server's OWA portal.
If its raw potential for undetected data theft isn't enough of a reason to watch out for Owowa, consider its raw potential to crash your Exchange or IIS servers as another reason to take the right precautions.
Check all IIS modules on exposed IIS servers regularly - especially if that IIS server deals with Exchange.
News URL
Related news
- Microsoft says attackers use exposed ASP.NET keys to deploy malware (source)
- FINALDRAFT Malware Exploits Microsoft Graph API for Espionage on Windows and Linux (source)
- Microsoft: Russian-Linked Hackers Using 'Device Code Phishing' to Hijack Accounts (source)
- Microsoft: Hackers steal emails in device code phishing attacks (source)
- Microsoft spots XCSSET macOS malware variant used for crypto theft (source)
- Microsoft Uncovers New XCSSET macOS Malware Variant with Advanced Obfuscation Tactics (source)
- Microsoft's End of Support for Exchange 2016 and 2019: What IT Teams Must Do Now (source)
- Microsoft names alleged credential-snatching 'Azure Abuse Enterprise' operators (source)
- Microsoft Teams tactics, malware connect Black Basta, Cactus ransomware (source)
- Microsoft admits GitHub hosted malware that infected almost a million devices (source)