A new variant of Hawkeye keylogger ‘Reborn v9’ arises

  • HawkEye Reborn v9 is marketed as an ‘Advance Monitoring Solution’ and is currently sold under a licensing model.
  • HawkEye Reborn v9 also includes a ‘Terms of Service agreement’ which forbids buyers from using the software on systems without permission and from scanning its executables using antivirus software.

A new variant of HawkEye dubbed ‘Reborn v9’ has emerged. HawkEye Reborn v9 is marketed as an ‘Advance Monitoring Solution’ and is currently sold under a licensing model. Buyers purchasing Reborn v9 gain access to the software and its updates for a specific period of time.

Worth noting

  • HawkEye Reborn v9 also includes a ‘Terms of Service agreement’ which forbids buyers from using the software on systems without permission and from scanning its executables using antivirus software.
  • However, threat actors have been continuously using it against various targets across the world.

The big picture

Researchers from Cisco Talos have observed ongoing malspam phishing campaigns that distribute the HawkEye Reborn keylogger/stealer. The current version, HawkEye Reborn v9, has been modified from earlier versions and is heavily obfuscated to make analysis more difficult.

  • These emails include malicious MS Excel documents disguised as invoices, bills of materials, order confirmations, and documents for other corporate functions.
  • The Excel documents exploit the well-known CVE-2017-11882 vulnerability, an arbitrary code execution bug in Microsoft Office.
  • The final payload, ‘HawkEye Reborn v9’, is then downloaded and executed.

Reborn’s capabilities

  • Reborn is capable of stealing system information and credentials from browsers, FileZilla, Beyluxe Messenger, CoreFTP and the video game ‘Minecraft’.
  • It can start a keylogger and steal clipboard content.
  • It can also take screenshots from the desktop and pictures from the webcam.

Researchers noted that HawkEye Reborn v9 still uses the well-known freeware tools MailPassView and WebBrowserPassView from NirSoft to steal web and email passwords.
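A defender-side triage sketch for the infection chain and the NirSoft tool use described above, added here as an example and not taken from Cisco Talos or the original article. It flags process-creation events where Equation Editor (EQNEDT32.EXE, the Office component affected by CVE-2017-11882) starts a child process, and command lines carrying NirSoft's `/stext` export switch. The event field names, host names, file names and sample events are constructed assumptions.

```python
import ntpath
import re

# NirSoft command-line switch that saves recovered passwords to a text file.
STEXT = re.compile(r"(?:^|\s)/stext(?:\s|$)", re.IGNORECASE)

# Constructed process-creation events (hypothetical field names, not real telemetry).
SAMPLE_EVENTS = [
    {"host": "WS-014", "parent": r"C:\Windows\System32\svchost.exe",
     "image": r"C:\Program Files\Common Files\microsoft shared\EQUATION\EQNEDT32.EXE",
     "cmdline": "EQNEDT32.EXE -Embedding"},
    {"host": "WS-014",
     "parent": r"C:\Program Files\Common Files\microsoft shared\EQUATION\EQNEDT32.EXE",
     "image": r"C:\Users\a\AppData\Roaming\invoice_update.exe",
     "cmdline": r"C:\Users\a\AppData\Roaming\invoice_update.exe"},
    {"host": "WS-014", "parent": r"C:\Users\a\AppData\Roaming\invoice_update.exe",
     "image": r"C:\Users\a\AppData\Local\Temp\helper.exe",
     "cmdline": r'helper.exe /stext "C:\Users\a\AppData\Local\Temp\out.txt"'},
    {"host": "WS-020", "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Program Files\Microsoft Office\Office16\EXCEL.EXE",
     "cmdline": r'EXCEL.EXE "C:\Users\b\Documents\budget.xlsx"'},
]

def base(path):
    """Lower-cased file name of a Windows path (works on any OS)."""
    return ntpath.basename(path).lower()

def triage(events):
    """Return (host, rule, image) for every event that matches a rule."""
    hits = []
    for ev in events:
        # Rule 1: Equation Editor has no normal reason to start another process.
        if base(ev["parent"]) == "eqnedt32.exe":
            hits.append((ev["host"], "equation-editor-child", ev["image"]))
        # Rule 2: password export switch of MailPassView / WebBrowserPassView.
        if STEXT.search(ev["cmdline"]):
            hits.append((ev["host"], "nirsoft-stext-export", ev["image"]))
    return hits

if __name__ == "__main__":
    for host, rule, image in triage(SAMPLE_EVENTS):
        print(f"{host}: {rule}: {image}")
```

Rule 1 keys on the parent process rather than on the document, so it still fires when the lure's file name or the payload's obfuscation changes.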

“Recent changes in both the ownership and development efforts of the HawkEye Reborn keylogger/stealer demonstrate that this is a threat that will continue to experience ongoing development and improvement moving forward,” the researchers concluded.
