Researchers from IBM X-Force have observed malspam campaigns targeting business users with the HawkEye keylogger malware during the last two months.
The targeted industries include transportation and logistics, healthcare, import and export, marketing, agriculture, and others.
The big picture
The malspam campaigns distribute HawkEye keyloggers to steal account credentials and sensitive data from business users, which can later be used in BEC scams and account takeover attacks.
“Samples we checked reached users in Spain, the US, and the United Arab Emirates for HawkEye Reborn v9. HawkEye v8 focused on targeting users in Spain,” IBM X-Force researchers said.
Researchers also observed another malspam campaign launched from a server in Turkey between February 11, 2019, and March 3, 2019. This campaign used similar attack patterns, with emails dropping malware payloads disguised as commercial invoices.
HawkEye keylogger
The HawkEye keylogger malware has been in development since about 2013, with the malware authors adding a multitude of new features and modules to enhance its capabilities.
“HawkEye is designed to steal information from infected devices, but it can also be used as a loader, leveraging its botnets to fetch other malware into the device as a service for third-party cybercrime actors,” researchers said.