WHO Chief Impersonated in Phishing to Deliver HawkEye Malware
A new and continuing phishing campaign is posing as the Director-General of the World Health Organization (WHO) and is spreading malware known as HawkEye to victims’ devices. According to IBM X-Force Threat Intelligence researchers, the campaign started on Thursday, the same day it was discovered after the researchers found several waves of spam emails claiming to be from WHO.
HawkEye is a malware that can be used both to steal information from compromised devices, but also to leverage botnets to drop other malware families into the device, allowing for third-party cybercrime actors. The phishing emails claim to be about a new cure for the COVID-19 virus, claiming that further details are in an attached file that is secretly malicious. The file is an executable that allows the attacker to distribute malware onto the device.