Hawkeye malware - What it is, how it steals data, and how to remove and prevent it

Hawkeye

What it is

Hawkeye is a Windows remote access trojan and keylogger that steals sensitive data like passwords, cookies, and credit card details, then sends it back to attackers. It can also install extra payloads and keep a quiet foothold on the device. Technical details and removal steps are in our Hawkeye overview for defenders.

What you may notice

  • Unexpected prompts for re-login or MFA

  • New browser extensions or odd redirects

  • Spikes in network traffic when idle

  • Security tools crashing or failing to update

How it gets in

  • Phishing emails with booby-trapped attachments

  • Fake software updates and repacked installers

  • Malvertising and sketchy download sites

Remove it now - quick steps

  1. Disconnect from the internet to stop data exfiltration.

  2. Run a full anti-malware scan, quarantine results, reboot, then scan again.

  3. From a clean device, change passwords for email, banking, and cloud accounts and enable MFA.

  4. Check startup items, scheduled tasks, services, and browser extensions and remove unknown entries.

  5. Review firewall or DNS logs and block contacted domains/IPs.
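A read-only inventory of the persistence locations named in step 4, added here as an example (it is not code from the original page). It assumes an elevated PowerShell session on Windows 8 or later and a hypothetical report path; it covers Run keys, startup folders, non-Microsoft scheduled tasks and services, and leaves browser extensions to be reviewed in the browser itself.

```powershell
# Added example, not from the original page: read-only inventory of the
# persistence locations in step 4, so unknown entries can be reviewed before
# removal. Nothing here changes the system. $Report is a hypothetical path.
$Report = "$env:USERPROFILE\Desktop\persistence-inventory.txt"
$Lines = @()

# Registry autostart entries (Run / RunOnce, machine-wide and current user)
$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($Key in $RunKeys) {
    if (-not (Test-Path $Key)) { continue }
    foreach ($Prop in (Get-ItemProperty -Path $Key).PSObject.Properties) {
        # Skip the PSPath/PSParentPath/... metadata that Get-ItemProperty adds
        if ($Prop.Name -match '^PS') { continue }
        $Lines += "REGISTRY`t$Key`t$($Prop.Name)`t$($Prop.Value)"
    }
}

# Startup folders for the current user and for all users
foreach ($Folder in 'Startup', 'CommonStartup') {
    $Dir = [Environment]::GetFolderPath($Folder)
    Get-ChildItem -Path $Dir -File -ErrorAction SilentlyContinue | ForEach-Object {
        $Lines += "STARTUPDIR`t$($_.FullName)"
    }
}

# Scheduled tasks outside the \Microsoft\ tree, with the command each runs
Get-ScheduledTask | Where-Object { $_.TaskPath -notlike '\Microsoft\*' } | ForEach-Object {
    $Cmd = ($_.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)" }) -join '; '
    $Lines += "TASK`t$($_.TaskPath)$($_.TaskName)`t$Cmd"
}

# Services whose binary does not live under the Windows directory
Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.PathName -and $_.PathName -notmatch '\\Windows\\' } |
    ForEach-Object {
        $Lines += "SERVICE`t$($_.Name)`t$($_.State)`t$($_.PathName)"
    }

$Lines | Set-Content -Path $Report
Write-Host "Wrote $($Lines.Count) entries to $Report for manual review"
```

Compare the report against a known-good machine or vendor documentation before removing anything; the script only lists candidates, it does not decide what is malicious.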

Prevent it

  • Install software only from official sources and avoid cracks or repacks.

  • Keep Windows, browsers, and Office updated and block macros by default.

  • Use reputable EDR or anti-malware with email and web filtering.

  • Turn on DNS filtering to block known malicious hosts.

  • Train users to verify money or account changes out of band.
