Tue Oct 22 2024

Top Open Source Email Platform Hacked to Steal User Data

A Roundcube vulnerability is being used to attack government organizations.

Recent reports warn that a vulnerability in Roundcube Webmail is being exploited by hackers to steal emails and other sensitive information. Cybersecurity experts from Positive Technologies have pointed out that this popular email client has a flaw that is being actively exploited against government organizations in the Commonwealth of Independent States (CIS) region, which includes countries from the former Soviet Union.

Roundcube Webmail is a browser-based email client known for its user-friendly interface that resembles a desktop application. It supports standard email protocols like IMAP and SMTP and offers features such as message search, contact management, and plugin customization.

The vulnerability, identified as CVE-2024-37383, is classified as a medium-severity stored cross-site scripting (XSS) flaw that allows malicious JavaScript to be executed on the Roundcube page. To trigger this vulnerability, attackers send a specially crafted email. This email appears to be empty but contains an attachment in .DOC format. The criminals hide harmful code in the email using particular HTML tags, in this case, the tag, which is processed by the email client, although it remains invisible to the target user.

The malicious code masquerades as an 'href' value. When the fake .DOC file is opened, an unauthorized login form is injected into the HTML page, prompting the user for credentials on the mail server. Those who fall for this trap are deceived into entering their username and password, which are then sent to the attackers.

It has been reported that all versions up to 1.5.6, as well as those between 1.6 and 1.6.6, are vulnerable to this flaw. Versions 1.5.7 and 1.6.7, released on May 19, are the first to have fixed this vulnerability, and users are advised to update their clients as soon as possible.
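To turn the version ranges above into an inventory check, the following added example (not code from the article, Positive Technologies or the Roundcube project) flags installations that fall inside the affected ranges. The host names and sample inventory are constructed; treating suffixed builds conservatively and treating branches newer than 1.6 as fixed are assumptions.

```python
import re

# Ranges as stated in the article: everything up to 1.5.6 and 1.6 through
# 1.6.6 is affected; 1.5.7 and 1.6.7 are the first fixed releases.
LAST_VULNERABLE_15 = (1, 5, 6)
LAST_VULNERABLE_16 = (1, 6, 6)
_VERSION_RE = re.compile(
    r"^\s*v?(\d+)\.(\d+)(?:\.(\d+))?([-+~.]?[A-Za-z][\w.-]*)?\s*$")


def parse_version(text):
    """Return ((major, minor, patch), has_suffix) or raise ValueError."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)
    return (major, minor, patch), bool(m.group(4))


def is_affected(text):
    """True if the version falls in the ranges the article lists as vulnerable."""
    version, has_suffix = parse_version(text)
    if has_suffix:
        # Assumption: a suffixed build ("-rc1", "-git") may predate the release
        # it is named after, so compare it one patch level lower (conservative).
        version = (version[0], version[1], version[2] - 1)
    if version[:2] == (1, 6):
        return version <= LAST_VULNERABLE_16
    # Assumption: branches newer than 1.6 already carry the fix.
    return version <= LAST_VULNERABLE_15


def triage(inventory):
    """Return sorted (host, version) pairs to update; unparseable ones included."""
    flagged = []
    for host, version in inventory.items():
        try:
            if is_affected(version):
                flagged.append((host, version))
        except ValueError:
            flagged.append((host, version))  # needs a manual check
    return sorted(flagged)


# Constructed sample inventory (hypothetical hosts).
SAMPLE = {"mail-a": "1.6.6", "mail-b": "1.6.7", "mail-c": "1.5.7",
          "mail-d": "1.4.15", "mail-e": "1.6.7-rc1", "mail-f": "unknown"}

if __name__ == "__main__":
    for host, version in triage(SAMPLE):
        print(f"{host}: Roundcube {version} -> review, update to 1.5.7 / 1.6.7")
```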