HawkEye keylogger
Posted: March 23, 2016
| Threat Level: | 8/10 |
|---|---|
| Infected PCs: | 246 |
| First Seen: | March 23, 2016 |
| Last Seen: | August 15, 2020 |
| OS(es) Affected: | Windows |
The HawkEye Keylogger is spyware that may collect information from your PC, including the login data for your accounts. Its authors sell licenses for this program to third parties, who may deploy it in various ways or make minor adjustments to its payload's configuration. Since the HawkEye Keylogger tries to conceal its components and activities from its victims, malware analysts encourage using anti-malware products for detecting or removing the HawkEye Keylogger from your computer.
More Spyware with Talons Aimed at Your Information
Many of the most telling details about threatening software are visible before the threat has ever installed itself on an unprotected PC. Its mode of distribution, any secondary business models, and even its marketing campaigns all deliver clues as to the level of competence, professionalism, and experience of the associated con artists. The HawkEye Keylogger is a 'spyware as a third-party kit' style threat, and its creator, referring to himself as HawkEye Admin, has built a user-friendly marketing campaign for the spyware via YouTube.
The HawkEye Keylogger's author claims that any licenses other threat actors purchase never expire, allowing them to reuse the HawkEye Keylogger for as long as the spyware remains relevant. Current campaigns leveraging the spyware use spam e-mail attachments, with included fake DOC files hosting one of two Microsoft Word exploits. Some of the HawkEye Keylogger installers may also use names implying that they're installing Microsoft software.
Malware researchers point out the following as the core features of the HawkEye Keylogger:
- As per its name, the HawkEye Keylogger performs keylogging: an attack that records all of your keyboard input to a text file, which it later may transfer to a remote server.
- The HawkEye Keylogger also supports data-collecting features that are distinct to various programs, including all widely-used Web browsers, several e-mail clients, and different instant messaging applications.
- The HawkEye Keylogger targets the Windows Clipboard (which stores information related to cutting, copying and pasting functions), preventing a victim from getting around its keylogger by copy-pasting passwords.
- Like most modern keyloggers, the HawkEye Keylogger also can take screenshots on command for capturing data that displays visually without passing through other input methods that the HawkEye Keylogger monitors for potential exfiltration.
Redirecting Misappropriated Data Mid-Flight
The work that 'HawkEye Admin' has put into promoting the HawkEye Keylogger strongly implies that this threat is intended to be a long-duration project that will be receiving regular updates. However, what's most unusual about the HawkEye Keylogger is how some additional threat actors are choosing to use it. Its latest campaigns involve a mildly convoluted means of transferring collected information that exploits the previously-hacked e-mail accounts of unrelated third parties. A general rule forwards the collected data, but not any other e-mail traffic, to the con artist's real e-mail account. This step was possibly implemented to protect the con artist's accounts from being traced by malware researchers or other industry experts.
Although its secondary users seem to put little faith in the HawkEye Keylogger's internal security, this spyware is fully capable of collecting an enormous range of confidential data. Its attacks encompass most widely-used Web applications and both 32-bit and 64-bit Windows environments. PC users can protect themselves from its current infection vectors by updating all Microsoft Office software and monitoring e-mail communications for potential threats.
Many anti-malware products have reliable rates of detection for this spyware, and should be able to remove the HawkEye Keylogger without trouble. However, dealing with a HawkEye Keylogger after the fact will not restore the privacy of any information already plucked by this digital predator's talons.
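The selective forwarding step described above leaves a trace in the compromised mailbox: a rule that forwards only matching messages to an outside address. The following audit is an added example, not part of the original page; the rule-export fields (`conditions`, `forward_to`), the `example.com` domain and the sample rules are all assumptions constructed for illustration.

```python
# Hypothetical rule-export format: dicts with 'mailbox', 'name', 'enabled',
# 'conditions' and 'forward_to'. Map your mail platform's export onto it.
INTERNAL_DOMAINS = {"example.com"}  # assumption: the organisation's domains


def external_targets(rule):
    """Forwarding targets whose domain is not one of the organisation's."""
    return [a for a in rule.get("forward_to", [])
            if a.rsplit("@", 1)[-1].strip().lower() not in INTERNAL_DOMAINS]


def audit_rules(rules):
    """Report enabled rules that forward mail to outside addresses.
    A rule with conditions forwards only matching messages (the pattern the
    article describes) and is rated high; an unconditional forward is medium.
    """
    findings = []
    for rule in rules:
        targets = external_targets(rule)
        if not rule.get("enabled", True) or not targets:
            continue
        findings.append({
            "mailbox": rule["mailbox"],
            "rule": rule["name"],
            "targets": targets,
            "priority": "high" if rule.get("conditions") else "medium",
        })
    # "high" sorts before "medium", so selective rules are listed first.
    return sorted(findings, key=lambda f: f["priority"])


# Constructed sample data, not taken from any real incident.
SAMPLE_RULES = [
    {"mailbox": "alice@example.com", "name": "team digest", "enabled": True,
     "conditions": {"subject_contains": ["digest"]},
     "forward_to": ["team@example.com"]},
    {"mailbox": "bob@example.com", "name": "rule 1", "enabled": True,
     "conditions": {"subject_contains": ["constructed-marker"]},
     "forward_to": ["Collector@External.invalid"]},
    {"mailbox": "carol@example.com", "name": "vacation", "enabled": True,
     "conditions": {}, "forward_to": ["carol@personal.invalid"]},
    {"mailbox": "dave@example.com", "name": "old", "enabled": False,
     "conditions": {"from_contains": ["x"]},
     "forward_to": ["someone@external.invalid"]},
]

if __name__ == "__main__":
    for finding in audit_rules(SAMPLE_RULES):
        print(finding)
```

A mailbox owner who did not create a high-priority rule should treat the account as compromised and change its credentials as well as deleting the rule.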
Technical Details
File System Modifications
The following files were created in the system: