Security experts discover keylogger on Microsoft Exchange Server main page

Keylogger has affected more than 30 victims around the world


Keyloggers are rather dangerous since they can track everything you type, and are used to steal your login information and other sensitive data.

Recently, a new keylogger was discovered on the main page of Microsoft Exchange Server, so here’s what you should know.

The new keylogger puts many companies and governments at risk

As Cyber Security News reports, Positive Technologies’ Expert Security Centre (PT ESC) has found a keylogger hidden on the main page of Microsoft Exchange Servers.

This is a major security issue that can affect various businesses and governments around the world. The PT ESC team discovered the keylogger while investigating a compromised Exchange Server.

The code was found in the clkLgn() function. It stores usernames and passwords in a file that can be accessed via a specific path.

This was achieved by exploiting the ProxyShell vulnerability in Exchange Servers. This allowed hackers to put a keylogger on the main page and use it to gather login credentials.

To do this, hackers altered the logon.aspx file to process data and store it in a file that is accessible remotely.

More than 30 victims were affected including government agencies, educational institutions, corporations, and IT companies.

As for impacted countries, Russia, as well as several countries in Africa and the Middle East, were affected by this keylogger.

PT ESC has notified affected organizations and is advising them to check for the malicious code on the main page and patch all vulnerabilities.

In addition, administrators are advised to monitor logs vigilantly for unusual activity and to enhance security by using multi-factor authentication.
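One way to carry out the main-page check described above, as an added example that is not code from PT ESC or Windows Report: it pulls clkLgn() out of a deployed logon.aspx and compares it with the same function from a trusted copy of the same Exchange build. The helper names, the status strings and the two sample pages are assumptions constructed for illustration.

```python
import difflib
import hashlib
import re

def extract_function(page, name):
    """Return the source of `function name(...) {...}` from the page, or None.
    Braces are counted naively, so braces inside string literals can skew it."""
    m = re.search(r"function\s+" + re.escape(name) + r"\s*\([^)]*\)\s*\{", page)
    if m is None:
        return None
    depth, i = 1, m.end()
    while i < len(page) and depth > 0:
        depth += {"{": 1, "}": -1}.get(page[i], 0)
        i += 1
    return page[m.start():i] if depth == 0 else None

def fingerprint(body):
    """Hash the body with indentation and blank lines removed."""
    lines = [ln.strip() for ln in body.splitlines() if ln.strip()]
    return hashlib.sha256("\n".join(lines).encode()).hexdigest(), lines

def compare_to_baseline(deployed_page, baseline_page, name="clkLgn"):
    """Compare one function between the deployed page and a trusted copy."""
    base = extract_function(baseline_page, name)
    live = extract_function(deployed_page, name)
    if base is None or live is None:
        return {"status": "function-not-found", "added": []}
    (h_base, l_base), (h_live, l_live) = fingerprint(base), fingerprint(live)
    if h_base == h_live:
        return {"status": "match", "added": []}
    # Lines present only in the deployed copy are what a reviewer reads first.
    added = [d[2:] for d in difflib.ndiff(l_base, l_live) if d.startswith("+ ")]
    return {"status": "modified", "added": added}

# Constructed stand-in pages, not real Exchange code.
BASELINE = """<script>
function clkLgn() {
    if (check()) {
        submitForm();
    }
}
</script>"""
DEPLOYED = BASELINE.replace("submitForm();", "unexpectedCall();\n        submitForm();")

if __name__ == "__main__":
    print(compare_to_baseline(DEPLOYED, BASELINE))
```

In practice both pages would be read from disk, with the baseline taken from clean installation media for the same build. A "function-not-found" result on the deployed page also warrants a manual look.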

That’s not all, as hackers were reported using the Phorpiex botnet to spread LockBit Black ransomware. Some hackers are also using Quick Assist to steal your data, so you might want to remove it if you’re not using it.
