Hawkeye Ransomware Overview
The HawkEye ransomware is a malware threat that is under active investigation. The identified samples contain several advanced features:
- Remote Command Execution – The virus makes the infected machines listen for remote commands and execute arbitrary commands issued by the remote criminals.
- Keylogger – The code is able to monitor the system clipboard and record all keystrokes.
- Account Harvesting – The virus can scan for any account login screens and take the account data.
- System Information Gathering – The HawkEye ransomware extracts information from the infected devices, namely details about the Android operating system and its hardware.
Hawkeye Ransomware Distribution
The Hawkeye ransomware is distributed mainly via infected binary files. They pose as legitimate applications made by Acer.
We suspect that email phishing campaigns are the primary source of infection. Botnets are often employed as sources of the infections.
Other methods include spreading the files via download sites or P2P networks.