Hackers have a new tool that downloads Gmail, Yahoo, Outlook inboxes
This is according to a new report from Google’s Threat Analysis Group (TAG), which managed to obtain a version of the tool and perform an analysis to see just how dangerous it is.
As per the report, the tool in question is called HYPERSCAPE, and was built back in 2020 by the government-backed group known as Charming Kitten.
Charming Kitten attacks
According to Google, the tool works on the attacker’s endpoint, which means victims don’t have to be tricked into downloading any malware. They do, however, need to either have their account credentials compromised or session cookies stolen, as the attacker first needs to log into their account.
After that, it will change the inbox’s language to English, start opening emails one by one, and download them into the .eml format. Email messages that were marked as unread before the attack will be marked as unread afterward as well. Once that stage is done, it will delete any warning emails, revert the language back to its original state and disappear.
Apparently, the tool has so far been used against no more than two dozen accounts, all located in Iran. Google says it notified all of them via its Government Backed Attacker Warnings. The tool was written in .NET for Windows PCs, TAG added, saying it tested it with Gmail, “although functionality may differ for Yahoo! and Microsoft accounts”.
Earlier versions of HYPERSCAPE also allowed threat actors to request data from Google Takeout, a feature allowing users to export their data to a downloadable archive file. The feature doesn’t seem to be available in the latest version, however.
- These are the best identity theft protection services available now
Go to Source