A new and dangerous malware infects Roundcube webmail
A malware group has been busy exploiting a dangerous new vulnerability in the Roundcube webmail service, which is popular in European government circles.
The group goes by Winter Vivern and has been on the radar of several security researchers, including DomainTools, Sentinel One and Proofpoint. It targets numerous government workers by sending malicious phishing documents, emails and websites.
What makes this issue so important is that it is a so-called “zero-click” attack, meaning that victims don’t need to do anything other than read the incoming emails in their web browser. Check Point Software Technologies Ltd.’s blog explains this further, saying that these messages “don’t require user interaction; smartphones display notifications based on the contents of a message before the user decides to open and read it. Zero-click exploits may infect a device invisibly.”
That’s the main reason they’re prized attack methods and also why they’re dangerous. Other zero-click exploits that have become infamous include Cytrox’s Predator and the NSO Group’s Pegasus, both of which can launch hidden spyware tools.
ESET spol. s.r.o. researcher Matthieu Faou identified the exploit in a recent blog post, building on earlier work finding a less dangerous and older exploit in both Roundcube and Zimbra servers earlier this summer. That vulnerability dated back to 2020.
He warned that this exploit is a part of a regular series of phishing campaigns “because a significant number of internet-facing applications are not regularly updated although they are known to contain vulnerabilities.”
Roundcube versions 1.6.4, 1.5.5, and 1.4.15 contain the fixes and should be installed as quickly as possible. Prior versions are subject to the exploit.
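A branch-aware check of installed versions against the fixed releases named above, as an added example (not from the article or from the Roundcube project). The host names and inventory are constructed, and flagging suffixed or newer-branch versions as "review" is an assumption of this sketch.

```python
import re

# Fixed releases per branch, taken from the article: 1.6.4, 1.5.5 and 1.4.15.
FIXED = {(1, 6): (1, 6, 4), (1, 5): (1, 5, 5), (1, 4): (1, 4, 15)}

# major.minor[.patch] plus an optional suffix such as "-rc", "-git" or "+dfsg-1".
_VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)(?:\.(\d+))?([-+._~]?[A-Za-z][\w.+-]*)?\s*$")


def classify(version_text):
    """Return 'patched', 'vulnerable' or 'review' for one installed version."""
    match = _VERSION_RE.match(version_text)
    if not match:
        return "review"  # unparseable: a person has to look at this host
    major, minor, patch = (int(g or 0) for g in match.group(1, 2, 3))
    version, branch, has_suffix = (major, minor, patch), (major, minor), bool(match.group(4))
    if branch > max(FIXED):
        return "review"  # assumption: branch newer than the article covers, check vendor notes
    if branch not in FIXED:
        return "vulnerable"  # older than 1.4: no fixed release listed for that branch
    fixed = FIXED[branch]
    # Compare as integer tuples; as strings, "1.4.9" would sort after "1.4.15".
    if version > fixed:
        return "patched"
    if version == fixed:
        # A suffixed build of the fix version may predate the release: flag it.
        return "review" if has_suffix else "patched"
    return "vulnerable"


def audit(inventory):
    """Group a {host: version} inventory by status, hosts sorted within each group."""
    report = {"patched": [], "vulnerable": [], "review": []}
    for host, version_text in inventory.items():
        report[classify(version_text)].append(host)
    return {status: sorted(hosts) for status, hosts in report.items()}


# Constructed inventory (hypothetical host names, not from the article).
SAMPLE_INVENTORY = {
    "mail-a.example": "1.6.4", "mail-b.example": "1.6.3", "mail-c.example": "1.4.15",
    "mail-d.example": "1.4.9", "mail-e.example": "1.3.8", "mail-f.example": "1.6.4-git",
    "mail-g.example": "1.5.5", "mail-h.example": "1.6-beta", "mail-i.example": "unknown",
}

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Distribution packages that backport fixes without changing the upstream version number need a manual check rather than this comparison.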