Cybersecurity researchers have discovered malware that can infect organizations using Microsoft’s Outlook mail server and collect email passwords via the attack. It works by placing a malicious DLL file on the Outlook Web Application (OWA) mail server.
An unnamed company contacted the security firm Cybereason after becoming suspicious about an infection, according to Ars Technica. Cybereason found the malicious DLL file and discovered it had a backdoor that allowed passwords to be stolen any time a user logged on – and this company had 19,000 points of access! This type of malware is called an advanced persistent threat, because it can be deployed for months or years at a time.
Most individual users of Outlook don’t need to worry about this attack – it’s specific to organizations that use the OWA server for their email. For companies or organizations that do use the OWA server, Ars Technica warns that OWA is attractive to hackers because it connects the public Internet with resources inside organizations’ firewalls.
Cybereason didn’t report any discoveries other than the one attack, but it’s expected to be seen again with other large organizations.