We have been seeing a massive increase in malspam emails delivering the Hawkeye keylogger / infostealer trojan. The vast majority have either a zip file containing the trojan itself or a malformed Word doc either containing macros or using one of the Microsoft Equation Editor exploits like CVE-2017-0199, CVE-2017-11882 or CVE-2017-8570 that download the Hawkeye keylogger from a remote site, which is either a compromised site or a site set up to distribute malware. It was quite a change this morning to see a tiny zip file attachment with a shortcut file that is using the Amazon AWS cloud services …