
HawkEye keylogger

Posted: March 23, 2016

Threat Metric

Threat Level: 8/10
Infected PCs: 246
First Seen: March 23, 2016
Last Seen: August 15, 2020
OS(es) Affected: Windows


The HawkEye Keylogger is spyware that may collect information from your PC, including the login data for your accounts. Its authors sell licenses for this program to third parties, who may deploy it in various ways or make minor adjustments to its payload's configuration. Since the HawkEye Keylogger tries to conceal its components and activities from victims, malware analysts encourage using anti-malware products to detect or remove the HawkEye Keylogger from your computer.

More Spyware with Talons Aimed at Your Information

Many of the most telling details about threatening software are available before the threat has ever installed itself on an unprotected PC. The characteristics of its mode of distribution, any secondary business models, and even its marketing campaigns all deliver clues as to the level of competence, professionalism, and experience of the associated con artists. The HawkEye Keylogger is a 'spyware as a third-party kit' style threat, and its creator, referring to himself as HawkEye Admin, has built a user-friendly marketing campaign for the spyware via YouTube.

The HawkEye Keylogger's author claims that any licenses other threat actors purchase never expire, allowing them to reuse the HawkEye Keylogger for as long as the spyware remains relevant. Current campaigns leveraging the spyware use spam e-mail attachments: fake DOC files carrying one of two Microsoft Word exploits. Some of the HawkEye Keylogger installers may also use names implying that they're installing Microsoft software.

Malware researchers point out the following as the core features of the HawkEye Keylogger:

  • As per its name, the HawkEye Keylogger performs keylogging: an attack that records all of your keyboard input to a text file, which it later may transfer to a remote server.
  • The HawkEye Keylogger also supports data-collecting features that are specific to various programs, including all widely-used Web browsers, several e-mail clients, and different instant messaging applications.
  • The HawkEye Keylogger targets the Windows Clipboard (which stores information related to cutting, copying and pasting functions), preventing a victim from getting around its keylogger by copy-pasting passwords.
  • Like most modern keyloggers, the HawkEye Keylogger can also take screenshots on command, capturing data that is displayed visually without passing through the other input methods that the HawkEye Keylogger monitors for potential exfiltration.

Redirecting Misappropriated Data Mid-Flight

The work that 'HawkEye Admin' has put into promoting the HawkEye Keylogger strongly implies that this threat is intended to be a long-duration project that will receive regular updates. However, what's most unusual about the HawkEye Keylogger is how some additional threat actors are choosing to use it. Its latest campaigns involve a mildly convoluted means of transferring collected information that exploits the previously-hacked e-mail accounts of unrelated third parties. A general rule forwards the collected data, but not any other e-mail traffic, to the con artist's real e-mail account. This step was possibly implemented to protect the con artist's accounts from being traced by malware researchers or other industry experts.
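One way a mail administrator could audit for the kind of forwarding rule described above, as an added example that is not part of the original article. The record layout is an assumption (field names modelled on Exchange inbox-rule properties, recipients already reduced to plain SMTP addresses), and the sample export is constructed.

```python
# Added example: audit exported inbox rules for external forwarding.
# Assumption: field names are modelled on Exchange inbox-rule properties and
# recipients are already plain SMTP addresses. All sample data is constructed.
FORWARD_FIELDS = ("ForwardTo", "ForwardAsAttachmentTo", "RedirectTo")
CONDITION_FIELDS = ("SubjectContainsWords", "BodyContainsWords", "From",
                    "FromAddressContainsWords", "HasAttachment")

def domain_of(address):
    return address.rsplit("@", 1)[-1].strip().lower()

def audit_rule(mailbox, rule, trusted_domains=()):
    """Return a finding if an enabled rule sends mail outside trusted domains."""
    trusted = {domain_of(mailbox)} | {d.lower() for d in trusted_domains}
    external = sorted(
        addr for field in FORWARD_FIELDS for addr in rule.get(field) or []
        if domain_of(addr) not in trusted
    )
    if not rule.get("Enabled", True) or not external:
        return None
    conditions = [f for f in CONDITION_FIELDS if rule.get(f)]
    return {
        "mailbox": mailbox,
        "rule": rule.get("Name", "<unnamed>"),
        "external_targets": external,
        # A rule with conditions forwards only matching mail (the pattern the
        # article describes); one without conditions forwards everything.
        "selective": bool(conditions),
        "conditions": conditions,
    }

def audit_mailboxes(export, trusted_domains=()):
    findings = [audit_rule(m, r, trusted_domains)
                for m, rules in export.items() for r in rules]
    # Selective rules first: the mailbox owner is least likely to notice them.
    return sorted((f for f in findings if f), key=lambda f: not f["selective"])

SAMPLE_EXPORT = {  # constructed data, not taken from any real mailbox
    "alice@corp.example": [
        {"Name": "Team digest", "Enabled": True, "ForwardTo": ["team@corp.example"]},
        {"Name": "fw", "Enabled": True, "RedirectTo": ["drop@mail.invalid"],
         "SubjectContainsWords": ["report"]},
    ],
    "bob@corp.example": [
        {"Name": "Backup", "Enabled": True, "ForwardTo": ["bob@personal.example"]},
        {"Name": "old", "Enabled": False, "ForwardTo": ["x@other.example"]},
    ],
}

if __name__ == "__main__":
    for finding in audit_mailboxes(SAMPLE_EXPORT):
        print(finding)
```

Rules that are both external and selective sort to the top of the result, since they leave the rest of the mailbox's traffic untouched and are easy for the account owner to overlook.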

Although its secondary users seem to put little faith in the HawkEye Keylogger's internal security, this spyware is fully capable of collecting an enormous range of confidential data. Its attacks encompass most widely-used Web applications and both 32-bit and 64-bit Windows environments. PC users can protect themselves from its current infection vectors by updating all Microsoft Office software and monitoring e-mail communications for potential threats.

Many anti-malware products have reliable rates of detection for this spyware, and should be able to remove the HawkEye Keylogger without trouble. However, dealing with a HawkEye Keylogger after the fact will not restore the privacy of any information already plucked by this digital predator's talons.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



