A new variant of HawkEye dubbed ‘Reborn v9’ has emerged. HawkEye Reborn v9 is marketed as an ‘Advance Monitoring Solution’ and is sold under a licensing model: buyers gain access to the software and its updates for a specific period of time.
The big picture
Researchers from Cisco Talos have observed ongoing malspam phishing campaigns that distribute the HawkEye Reborn keylogger/stealer. The current version, HawkEye Reborn v9, has been modified from earlier versions and heavily obfuscated to make analysis more difficult.
The researchers noted that HawkEye Reborn v9 still uses the well-known freeware tools MailPassView and WebBrowserPassView from NirSoft to steal web and email passwords.
“Recent changes in both the ownership and development efforts of the HawkEye Reborn keylogger/stealer demonstrate that this is a threat that will continue to experience ongoing development and improvement moving forward,” the researchers concluded.