Malicious actors are deploying a previously undiscovered binary, an Internet Information Services (IIS) webserver module dubbed Owowa

Malicious actors are deploying a previously undiscovered binary, an Internet Information Services (IIS) webserver module dubbed Owowa. Owowa is intended to be loaded as a module within an IIS web server that also exposes Exchange’s Outlook Web Access (OWA). Owawa will steal credentials that are entered by any user in the OWA login page, and will allow a remote operator to run commands on the underlying server.

Kaspersky detected a cluster of targets with compromised servers located in Malaysia, Mongolia, Indonesia, and the Philippines. No links have been unearthed between the Owowa operators and other publicly documented hacking groups. A username “S3crt” (read “secret”) that was found embedded in source code of the identified samples has yielded additional malware executables.

Malicious actors are deploying a previously undiscovered binary, an Internet Information Services (IIS) webserver module dubbed Owowa

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

SRI LANKA

KUWAIT

USA | New York

UNITED KINGDOM | London

Address

Malicious actors are deploying a previously undiscovered binary, an Internet Information Services (IIS) webserver module dubbed Owowa

15-Dec-21

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

SRI LANKA

KUWAIT

USA | New York

UNITED KINGDOM | London

Address