Hackers Attacked Microsoft Outlook Web App to steal Login Credentials
Researchers have recently founded a hazardous Backdoor in Microsoft’s Outlook Web Application, which allows the hackers to steal e-mail and passwords from major organizations.
The Outlook Web Application was deployed by Microsoft in private companies and firms. It is an internet facing webmail server which provides internal emailing capabilities.
A suspicious DLL file in company’s OWA is founded by the researchers of the Security firm Cybereason. This DLL file siphon decrypted HTTPS server request.
They founded this DLL file by the same name as the others DLL files were having, but this file was not signed and loaded from another directory.
DLL on OWA Server
The Security firm said, hackers replaced the DLL file used by OWA for the authentication mechanism (OWAAUTH.dll) by the file which contained a dangerous backdoor.
On running of the OWA over the server, allowed the hackers to steal HTTPS protected server requests, which also includes the login information after they had been decrypted.
More Than 11,000 Credentials have been stolen
Users who were using the hacked server had compromised their Username and Password with the hackers. The credentials were also stored by the hackers. Researchers founded that more than 11,000 credentials in a log.txt file was used by the hackers to store all the logged data.
Hackers have created this Backdoor so efficiently that it also avoid auditing and security inspection, for this hackers utilized a .NET assembly cache. And it is also not easy to remove the backdoor from OWA, attackers also created an IIS filter by which the malicious OWAAUTH.dll is loaded automatically every time the server is started.
We can’t conclude to the result that how wide this attack is? But there are chances that the attack could be hitting other large companies.
Have something to add Hackers Attacked Microsoft Outlook ? Please add in comments.
Follow us on Facebook, Google Plus and Twitter to get more Tech News and reviews.