Golroted is the Trend Micro detection name for Hawkeye, a simple keylogger used by Nigerian scammers who targeted small and medium-sized businesses in 2015. The stolen data enabled the scammers to learn about their victims' partners, affiliates and business contacts, to launch more scams, and to move laterally across larger organizations related to the original victims.
Golroted is distributed in Microsoft Word, Microsoft Excel and Rich Text Format files through phishing emails. The attachment contains encrypted malware code hidden within the document. This spyware sends the stolen information to the email address of the cybercriminal via Simple Mail Transfer Protocol (SMTP).
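
Because the stolen data leaves over SMTP, one defensive check is to look for workstations that open SMTP connections to anything other than the organization's own mail relay. The sketch below is an added example, not part of the original entry or of Trend Micro's detection logic; the log format, host names, relay address and process names are constructed assumptions.

```python
import csv
import io
from collections import defaultdict

SMTP_PORTS = {25, 465, 587}

# Assumptions for this example: site-specific allowlists.
APPROVED_RELAYS = {"10.0.0.25"}        # the only relay endpoints should use
MAIL_SERVERS = {"mail-01"}             # hosts allowed to deliver mail directly
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}

# Constructed sample egress log: time,src_host,process,dst_ip,dst_port
SAMPLE_LOG = """\
2015-06-01T09:00:01,ws-014,outlook.exe,10.0.0.25,587
2015-06-01T09:02:13,ws-014,chrome.exe,203.0.113.7,443
2015-06-01T09:05:40,ws-022,invoice_viewer.exe,198.51.100.9,587
2015-06-01T09:15:41,ws-022,invoice_viewer.exe,198.51.100.9,587
2015-06-01T09:20:00,ws-031,thunderbird.exe,198.51.100.44,465
2015-06-01T09:21:10,mail-01,postfix,192.0.2.80,25
"""

def find_direct_smtp(log_text):
    """Group SMTP flows that bypass the approved relay by (host, process)."""
    findings = defaultdict(lambda: {"count": 0, "destinations": set(),
                                    "severity": "review"})
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 5:
            continue  # skip blank or malformed lines
        _time, host, process, dst_ip, dst_port = (f.strip() for f in row)
        if not dst_port.isdigit() or int(dst_port) not in SMTP_PORTS:
            continue
        if host in MAIL_SERVERS or dst_ip in APPROVED_RELAYS:
            continue  # expected mail path
        entry = findings[(host, process.lower())]
        entry["count"] += 1
        entry["destinations"].add(dst_ip)
        # A non-mail program speaking SMTP to an external server is the
        # pattern a mail-based keylogger produces; a mail client using an
        # unapproved server is more likely a policy issue.
        if process.lower() not in MAIL_CLIENTS:
            entry["severity"] = "high"
    return dict(findings)

if __name__ == "__main__":
    for (host, proc), info in sorted(find_direct_smtp(SAMPLE_LOG).items()):
        print(host, proc, info["severity"], info["count"],
              sorted(info["destinations"]))
```

Blocking outbound ports 25, 465 and 587 from workstations at the perimeter, and allowing them only from the relay, turns this detection into a prevention control.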
Golroted steals the following:
It is capable of the following:
It has the following potential impact:
Golroted typically follows the infection chain below: