Google Uncovers Tool Used by Iranian Hackers to Steal Data from Email Accounts
The Iranian government-backed actor known as Charming Kitten has added a new tool to its malware arsenal that allows it to retrieve user data from Gmail, Yahoo!, and Microsoft Outlook accounts.
Dubbed HYPERSCRAPE by Google Threat Analysis Group, the malicious software, which is still under active development, is said to have been used against fewer than two dozen accounts in Iran, with the oldest known sample dating back to 2020.
NET and designed to run on the attacker's Windows machine, the tool comes with functions to download and exfiltrate the contents of a victim's email inbox, in addition to deleting security emails sent from Google to alert the target of any suspicious logins.
Should a message be originally unread, the tool marks it as unread after opening and downloading the email as a ".
What's more, earlier versions of HYPERSCRAPE are said to have included an option to request data from Google Takeout, a feature that allows users to export their data to a downloadable archive file.
The findings follow PwC's recent discovery of a C++-based Telegram "Grabber" tool used against domestic targets to obtain access to Telegram messages and contacts from specific accounts.
News URL
https://thehackernews.com/2022/08/google-uncovers-tool-used-by-iranian.html