Hi all,
Just an info, not roundcube related but using Roundcube/for roundcube maints/sysadms.
I’ve seen in my users, one in a while, some users being hacked in this form:
- Somehow “they” got the user password, the one’s I’ve saw were all msoutlook users so my guess is that the user got some type or virus/trojan that send that info to them.
- “they” that info to enter the webmail (not sure if manually or automatically)
- Ransomware is sent using Roundcube, if you check the sent folders you’ll see emails with .jar attach’s (and possible others)
May be handy for someone this info,
Jorge,