A new and dangerous malware infects Roundcube webmail

A malware group called Winter Vivern has targeted the Roundcube webmail service, which is frequently used by European government agencies, with a ‘zero-click’ attack. This means victims are infected simply by reading their emails. Researchers from companies including DomainTools, Sentinel One and Proofpoint are aware of the group, which sends malicious phishing documents and emails. Experts are warning users to regularly update their systems, as older versions of Roundcube are vulnerable to the exploit.