Hi all,

Just an info, not roundcube related but using Roundcube/for roundcube maints/sysadms.

I’ve seen in my users, one in a while, some users being hacked in this form:

• Somehow “they” got the user password, the one’s I’ve saw were all msoutlook users so my guess is that the user got some type or virus/trojan that send that info to them.
• “they” that info to enter the webmail (not sure if manually or automatically)
• Ransomware is sent using Roundcube, if you check the sent folders you’ll see emails with .jar attach’s (and possible others)

May be handy for someone this info,

Jorge,