Google Uncovers Tool Used by Iranian Hackers to Steal Data from Email Accounts
The Iranian government-backed actor known as Charming Kitten has added a new tool to its malware arsenal that allows it to retrieve user data from Gmail, Yahoo!, and Microsoft Outlook accounts.
Dubbed HYPERSCRAPE by Google Threat Analysis Group, the actively in-development malicious software is said to have been used against fewer than two dozen accounts in Iran, with the oldest known sample dating back to 2020.
Written in .NET and designed to run on the attacker's Windows machine, the tool comes with functions to download and exfiltrate the contents of a victim's email inbox, in addition to deleting security emails sent from Google to alert the target of any suspicious logins.
Should a message be originally unread, the tool marks it as unread after opening and downloading the email as a ".
What's more, earlier versions of HYPERSCRAPE are said to have included an option to request data from Google Takeout, a feature that allows users to export their data to a downloadable archive file.
The findings follow PwC's recent discovery of a C++-based Telegram "Grabber" tool used against domestic targets to obtain access to Telegram messages and contacts from specific accounts.
News URL
https://thehackernews.com/2022/08/google-uncovers-tool-used-by-iranian.html