ESET malware researcher Matthieu Faou, who examined the LightNeuron malware, said he found that it “gives the attacker total control over the mail server”.
“LightNeuron has been targeting Microsoft Exchange mail servers since at least 2014,” Mr Faou said.
However, it was only recently discovered that the malware can create a backdoor to read, block, modify or even create emails going through the software.
“In the mail server architecture, LightNeuron can operate at the same level of trust as security products such as spam filters. As a result, this malware gives the attacker total control over the mail server, and thus, over all email communication,” he said.
Among the victims of the malware are a ministry of foreign affairs in an Eastern European country and a regional diplomatic organisation in the Middle East, Mr Faou said.
“We believe that IT security professionals should be made aware of this new threat,” he said.
Mr Faou said that it is the first known malware targeting the Microsoft Exchange Transport Agent in such a way.
He warned that hackers could use the malware to stealthily extract sensitive documents and gain control over other machines.
“Due to security improvements in operating systems, kernel rootkits, the holy grail of espionage malware, often quickly fade away from the attackers’ arsenal. However, the attackers’ need persists for tools that can live in the target system, hunt for valuable documents and siphon them off, all without generating any suspicion,” Mr Faou said.
“LightNeuron emerged as [a] solution.”
He warned the malware is also not easily removed, as simply removing the malicious files would break the email server.
Microsoft Australia has been contacted for comment about the malware.
The disclosure follows a separate warning about internet-connected multi-function devices, such as commercial printers, being used by hackers to target digital networks, particularly those of unsuspecting SMEs.