Cybercrime, “Re: Purchase Order ….>,” bait for HawkEye from South Korea

“Re: Purchase Order ….>,” bait for HawkEye from South Korea. The zipped attachment contains an exe file: the malware. The stolen data is exfiltrated via FTP to a host in Russia.

“Re: Purchase Order ….>,” is an email sent from an IP address in South Korea that carries HawkEye.

The compressed attachment contains an exe file: the malware. The stolen data is exfiltrated via FTP to a host in Russia.

Through its keylogger function, HawkEye can capture everything the user types. It can also steal email and browser credentials and take screenshots. Finally, it can receive remote commands on the infected PC, such as downloading additional payloads or updating existing ones.