Level 61
Content Creator
Malware Hunter
After the HawkEye malware kit underwent an ownership change and new development, researchers are spotting the keylogger used in several malicious email campaigns.

The HawkEye malware kit and information-stealer has been spotted in a newfound slew of campaigns after a recent ownership change.

While the keylogger has been in continuous development since 2013, in December a thread on a hacking site noted an ownership change, after which posts on hacking forums began to appear, selling new versions of the kit. “HawkEye Reborn v9” sports new anti-detection features and other changes, researchers said.

“Recent changes in both the ownership and development efforts of the HawkEye Reborn keylogger/stealer demonstrate that this is a threat that will continue to experience ongoing development and improvement moving forward,” said Edmund Brumaghin and Holger Unterbrink, researchers with Cisco Talos, in a Monday analysis. “HawkEye has been active across the threat landscape for a long time, and will likely continue to be leveraged in the future as long as the developer of this kit can monetize their efforts.”