Hackers Using Malicious IIS Server Module to Steal Microsoft Exchange Credentials

On Microsoft Exchange Outlook Web Access servers, malicious actors are distributing a previously unknown malware, an Internet Information Services (IIS) webserver module branded “Owowa,” with the objective of stealing credentials and enabling remote command execution.

According to Kaspersky researchers Paul Rascagneres and Pierre Delcher, “Owowa is a C#developed.NET v4.0 assembly that is designed to be loaded as a module within an IIS web server that also exposes Exchange’s Outlook Web Access (OWA).” “Owowa will steal credentials submitted by any user in the OWA login page and allow a remote operator to perform commands on the underlying server when loaded this manner.”

Hackers Using Malicious IIS Server Module to Steal Microsoft Exchange Credentials

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

SRI LANKA

KUWAIT

USA | New York

UNITED KINGDOM | London

Address

Hackers Using Malicious IIS Server Module to Steal Microsoft Exchange Credentials

15-Dec-21

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

SRI LANKA

KUWAIT

USA | New York

UNITED KINGDOM | London

Address