HawkEye

The HawkEye information-stealing trojan is infecting devices via a malicious spam (malspam) campaign targeting business users around the world in the transportation and logistics, healthcare, import and export, marketing, and agriculture sectors, among others. Many of the spam emails claim to come from a large bank in Spain and leverage PowerShell scripts to download the malicious payload. HawkEye is used to log user keystrokes as well as download additional malware onto infected devices. The NJCCIC recommends users and administrators exercise caution when choosing to open unexpected or unsolicited emails and attachments from unknown senders, run an updated anti-virus/anti-malware program, and ensure all software and hardware are kept up to date. Users can read more about this campaign in the IBM X-Force Threat Intelligence post.