IBM X-Force researchers detected an uptick in HawkEye version 9 keylogger infection campaigns targeting business users around the world, as well as threat actors offering the malware as a service.
The malware is designed to steal information from infected devices as well as to download additional malware, leveraging its botnets to distribute malware as a service as a unique commercial offering to third-party threat actors, according to a May 27 blog post.
HawkEye’s infection process is based on a number of executable files that leverage malicious PowerShell scripts.
The campaign has been around for six years and, most recently, researchers focused on campaigns between April and May 2019. The IP addresses originating the malspam came from Estonia, while users were targeted in countries around the globe.
To deflect these malspam campaigns, researchers recommend that users block malicious and suspicious IPs from interacting with users, educate IT teams about new attack tactics, and stay aware of the latest trending attacks.