Security experts discover keylogger on Microsoft Exchange Server main page

Keylogger has affected more than 30 victims around the world

Published on May 21, 2024

Keyloggers are rather dangerous since they can track everything you type, and are used to steal your login information and other sensitive data.

Recently, a new keylogger was discovered on the main page of Microsoft Exchange Servers, so here’s what you should know.

The new keylogger puts many companies and governments at risk

As Cyber Security News reports, Positive Technologies’ Expert Security Centre has found a keylogger hidden on the main page of Microsoft Exchange Servers.

This is a major security issue that can affect various businesses and governments around the world. The PT ESC team discovered the keylogger while investigating a compromised Exchange Server.

The malicious code was found in the clkLgn() function; it stores usernames and passwords in a file that can be accessed via a specific path.

This was achieved by exploiting the ProxyShell vulnerability in Exchange Servers. This allowed hackers to put a keylogger on the main page and use it to gather login credentials.

To do this, hackers altered the logon.aspx file to process data and store it in a file that is accessible remotely.

More than 30 victims were affected, including government agencies, educational institutions, corporations, and IT companies.

As for impacted countries, Russia, as well as several countries in Africa and the Middle East, were affected by this keylogger.

PT ESC has notified affected organizations and is advising them to check for the malicious code on the main page and patch all vulnerabilities.
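One way to carry out that check is to compare the clkLgn() function in the deployed logon.aspx against a known-good copy and list any statements that were added. The following is an added example, not code from PT ESC or Microsoft; it assumes you have a clean logon.aspx from the same Exchange build as a baseline, and the two page fragments are constructed stand-ins rather than real Exchange code.

```python
import difflib
import re

def extract_function(source, name):
    """Return the text of `function name(...) {...}` via brace matching, or None."""
    m = re.search(r"function\s+" + re.escape(name) + r"\s*\([^)]*\)\s*\{", source)
    if not m:
        return None
    depth, i, quote = 1, m.end(), None
    while i < len(source) and depth:
        ch = source[i]
        if quote:                    # inside a string literal: braces do not count
            if ch == "\\":
                i += 1               # skip the escaped character
            elif ch == quote:
                quote = None
        elif ch in "'\"":
            quote = ch
        elif ch == "{":
            depth += 1
        elif ch == "}":
            depth -= 1
        i += 1
    return source[m.start():i] if depth == 0 else None

def added_statements(baseline, current, name="clkLgn"):
    """Lines in the current function that the known-good baseline lacks."""
    old, new = extract_function(baseline, name), extract_function(current, name)
    if old is None or new is None:
        raise ValueError(name + "() not found in one of the files")
    norm = lambda s: [ln.strip() for ln in s.splitlines() if ln.strip()]
    return [d[2:] for d in difflib.ndiff(norm(old), norm(new)) if d.startswith("+ ")]

# Constructed stand-ins for the clean and the modified logon page.
BASELINE = """<script>
function clkLgn() {
    if (ready) { document.forms[0].submit(); }
}
</script>"""
# injectedPlaceholder is a hypothetical name marking where extra code was added.
TAMPERED = BASELINE.replace("if (ready)", "injectedPlaceholder('{');\n    if (ready)")

if __name__ == "__main__":
    for line in added_statements(BASELINE, TAMPERED):
        print("added to clkLgn():", line)
```

Any non-empty result means the login function differs from the baseline and the file should be examined by hand; read both files from disk in place of the constructed strings.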

In addition, administrators are advised to monitor logs vigilantly for unusual activity and to enhance security by using multi-factor authentication.

That’s not all, as hackers were reported using the Phorpiex botnet to spread LockBit Black ransomware. Some hackers are also using Quick Assist to steal your data, so you might want to remove it if you’re not using it.

Milan Stanojevic

Windows Troubleshooting Expert

Milan has been enthusiastic about technology ever since his childhood days, and this led him to take interest in all PC-related technologies. He’s a PC enthusiast and he spends most of his time learning about computers and technology.

Before joining WindowsReport, he worked as a front-end web developer. Now, he’s one of the Troubleshooting experts in our worldwide team, specializing in Windows errors & software issues.
