Hawkeye exposed attacking SMBs

Hawkeye, a keylogger tied to Predator Pain and Limitless, was recently exposed by Trend Micro.

Sanghamitra Kar

NEW DELHI, INDIA: Hawkeye, a keylogger tied to Predator Pain and Limitless, was recently exposed by Trend Micro.

Two Nigerian hackers were using the malware to infiltrate SMBs around the globe through holiday-themed social engineering techniques—with notable success.

“Hackers have now been witnessed attacking SMBs and it is essential for us to be ready to combat any such attacks. As per our recent research, we believe that social engineering techniques which are being extensively utilised by SMBs have emerged as the route for these hackers. As a regular practice, along with offering best of solutions we will continue to inform our existing and prospective users on any such advanced persistent threats,” said Dhanya Thakkar, managing director, Asia Pacific, Trend Micro.

The scammers are using the Hawkeye keylogger to steal email and website credentials, as well as to log keystrokes. These particular hackers are patient, building a level of rapport with their victims through a series of emails before delivering the malware-infested attachment. The attachment is also disguised by cryptors, so the victim remains unaware of the attack on their system.

Additionally, the duo covered their tracks by using exfiltration via SMTP, as well as multiple email accounts, in 90 percent of the campaigns. It’s noteworthy that this sophisticated methodology is a departure for Nigerian scammers, who usually use simpler attack vectors such as generic spamming, possibly introducing a new breed of hackers from this region.
