EYE Malware
The EYE Malware is programmed to look for specific activities: RDP logins, opened files, executed applications and entries in the Windows Event Viewer. It is a hacking tool artifact discovered on computers previously infiltrated by the xHunt and Hisoka malware families. Cybersecurity experts suspect that the attackers relied on the EYE Malware as a failsafe meant to eradicate all leftover files and processes that can be traced back to them. Threats of this type are often meant to run only after the attackers have finished their business, but the EYE Malware appears to operate in a different manner.
The EYE Malware Covers Up the Tracks of the xHunt Operators
Cybersecurity experts suspect that the EYE Malware is launched when the remote hacker begins the attack, which enables the malware to track the activities happening on the compromised system. The EYE implant compiles a list of opened/closed applications, logins, and other activity that leaves traces on the compromised system. It is very likely that the hackers activate the clean-up module of the EYE Malware after they have finished their work on the infected host. When this happens, the implant wipes specific Registry entries related to RDP activity and deletes information about recently opened files and applications. Finally, the EYE Malware executes a self-delete command.
The clean-up module of the EYE Malware was implemented in a peculiar way, which shows that the attackers planned to include only particular attack techniques in their operation, so that the EYE implant could cover their tracks thoroughly.
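The clean-up sequence described above (RDP-related Registry entries wiped, recent-file data removed, then the binary deleting itself) can be hunted for by correlating registry-delete and file-delete telemetry. The following is an added example, not code from the original page or from any vendor; it assumes Sysmon-style events (ID 12 for registry deletes, ID 23 for file deletes), the standard Windows locations for RDP client history and recent documents (the page does not name the keys EYE touches), and constructed sample events with a hypothetical binary path.

```python
from datetime import datetime, timedelta

# Assumption: the page does not name the keys EYE wipes. These are the standard
# Windows locations for RDP client history and recently opened documents.
WATCHED = {
    "rdp": r"\software\microsoft\terminal server client",
    "recent": r"\software\microsoft\windows\currentversion\explorer\recentdocs",
}
WINDOW = timedelta(minutes=5)  # assumed correlation window

HKU = r"HKU\S-1-5-21-0-0-0-1001"         # constructed SID
IMPLANT = r"C:\Users\Public\sample.exe"  # hypothetical path, not from the page

# Constructed events shaped like Sysmon ID 12 (registry delete) and ID 23 (file delete).
SAMPLE_EVENTS = [
    {"time": "2020-01-01T10:00:00", "id": 12, "type": "DeleteValue", "image": r"C:\Windows\explorer.exe",
     "target": HKU + r"\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\3"},
    {"time": "2020-01-01T10:30:00", "id": 12, "type": "DeleteValue", "image": IMPLANT,
     "target": HKU + r"\Software\Microsoft\Terminal Server Client\Default\MRU0"},
    {"time": "2020-01-01T10:30:01", "id": 12, "type": "DeleteKey", "image": IMPLANT,
     "target": HKU + r"\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs"},
    {"time": "2020-01-01T10:30:03", "id": 23, "image": r"C:\Windows\System32\cmd.exe", "target": IMPLANT},
    {"time": "2020-01-01T10:31:00", "id": 23, "image": r"C:\Windows\explorer.exe",
     "target": r"C:\Users\Public\notes.txt"},
]


def find_cleanup(events, window=WINDOW):
    """Return binaries that wiped RDP and recent-file registry data and were then deleted."""
    wipes = {}  # lower-cased image path -> {category: time of last matching delete}
    hits = []
    for ev in sorted(events, key=lambda e: e["time"]):
        ts = datetime.fromisoformat(ev["time"])
        if ev["id"] == 12 and ev["type"].startswith("Delete"):
            for category, needle in WATCHED.items():
                if needle in ev["target"].lower():
                    wipes.setdefault(ev["image"].lower(), {})[category] = ts
        elif ev["id"] == 23:
            seen = wipes.get(ev["target"].lower(), {})
            # Require every watched category, all inside the window before the file delete.
            if len(seen) == len(WATCHED) and all(ts - t <= window for t in seen.values()):
                hits.append(ev["target"])
    return hits


if __name__ == "__main__":
    print(find_cleanup(SAMPLE_EVENTS))
```

A single RecentDocs delete by explorer.exe is routine, which is why the rule fires only when both categories are wiped by the same image that is then removed from disk.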