After the HawkEye malware kit underwent an ownership change and new development, researchers are spotting the keylogger used in several malicious email campaigns.
The HawkEye malware kit and information-stealer has been spotted in a new wave of campaigns following a recent ownership change.
While the keylogger has been in continuous development since 2013, a thread on a hacking site in December noted an ownership change, after which posts selling new versions of the kit began to appear on hacking forums. “HawkEye Reborn v9” sports new anti-detection features and other changes, researchers said.
“Recent changes in both the ownership and development efforts of the HawkEye Reborn keylogger/stealer demonstrate that this is a threat that will continue to experience ongoing development and improvement moving forward,” said Edmund Brumaghin and Holger Unterbrink, researchers with Cisco Talos, in a Monday analysis. “HawkEye has been active across the threat landscape for a long time, and will likely continue to be leveraged in the future as long as the developer of this kit can monetize their efforts.”