Hackers exploit Roundcube flaw to spy on academic researchers

Hackers exploit Roundcube flaw to spy on academic researchers
A China-linked threat cluster tracked as UNK_MassTraction has been exploiting vulnerable Roundcube servers at U.S. and Canadian universities to steal credentials and deploy backdoors. The campaign uses malicious emails to trigger Roundcube flaws CVE-2024-42009 and CVE-2025-49113, leading to payloads such as IceCube, SquareShell, and VShell. #UNK_MassTraction #Roundcube #IceCube #SquareShell #VShell #CVE-2024-42009 #CVE-2025-49113

Keypoints

  • A China-linked cluster is targeting Roundcube servers at universities in the U.S. and Canada.
  • The campaign focuses on physics, engineering, and national security-related research organizations.
  • Malicious emails exploit CVE-2024-42009 to load the IceCube stealer.
  • IceCube can harvest passwords, cookies, 2FA data, and browser information.
  • The attackers also try to install SquareShell or load VShell for remote access.

Read More: https://www.bleepingcomputer.com/news/security/hackers-exploit-roundcube-flaw-to-spy-on-academic-researchers/