Google Uncovers Tool Used by Iranian Hackers to Steal Data from Email Accounts
The Iranian government-backed actor known as Charming Kitten has added a new tool to its malware arsenal that allows it to retrieve user data from Gmail, Yahoo!, and Microsoft Outlook accounts.
Dubbed HYPERSCRAPE by Google Threat Analysis Group, the malicious software is still under active development and is said to have been used against fewer than two dozen accounts in Iran, with the oldest known sample dating back to 2020.
Written in .NET and designed to run on the attacker's Windows machine, the tool comes with functions to download and exfiltrate the contents of a victim's email inbox, in addition to deleting security emails sent from Google to alert the target of any suspicious logins.
Should a message be originally unread, the tool marks it as unread after opening and downloading the email as a ".
What's more, earlier versions of HYPERSCRAPE are said to have included an option to request data from Google Takeout, a feature that allows users to export their data to a downloadable archive file.
The findings follow the recent discovery of a C++-based Telegram "Grabber" tool by PwC used against domestic targets to obtain access to Telegram messages and contacts from specific accounts.
News URL
https://thehackernews.com/2022/08/google-uncovers-tool-used-by-iranian.html