Cybercrime, Owowa steals Microsoft Exchange credentials

Kaspersky: Owowa steals Microsoft Exchange credentials. It is an IIS module that steals data entered by a user when logging into OWA. It also allows remote access to targeted servers.

Cybercrime actors are stealing Microsoft Exchange credentials using malware dubbed Owowa, which was discovered by Kaspersky cybersecurity experts. It is an IIS module that steals credentials entered by a user when logging into Outlook Web Access (OWA). It also allows the attackers to gain remote control of the underlying server. Compiled sometime between late 2020 and April 2021, Owowa is a stealthy theft method that is difficult to detect with network monitoring. It is also resistant to software updates from Exchange, meaning it can stay hidden on a device for a long time. The most targeted victims are located in Asia (Malaysia, Mongolia, Indonesia, and the Philippines). They are connected with government organizations and transportation companies. According to the researchers, it is likely there are additional victims in Europe.

