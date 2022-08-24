A malicious program able to access inboxes on Gmail, Yahoo! and Outlook, among other e-mail services, is being used by Iranian hackers to extract data from compromised accounts. The tool was detailed by Google on Tuesday (23).

Experts from Google’s Threat Analysis Group (TAG) identified HYPERSCRAPE, as the threat was named, in December last year. According to them, the program runs on the attacker’s own device and does not require the victim to download any type of malware.

The attackers only need the target’s account credentials or browser session cookies. With those in hand, the tool goes into action, tricking the e-mail service into treating the access as coming from an outdated browser, which puts the account into the basic HTML view.

Then, HYPERSCRAPE changes the language of the inbox to English, opens all the e-mails found in it and downloads them in .eml format. Once the process is complete, the tool deletes all security messages generated by the illicit activity and returns the platform configuration to its previous state, including marking as unread the messages that had not been read.
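The steps described above leave a recognisable sequence in account activity, which a defender can look for. The following detection sketch is an added example, not code from Google's report or from this article; the event schema, field names, sample events and threshold are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample events in a hypothetical audit-log schema (not a real provider format).
EVENTS = [
    {"account": "alice", "action": "view_mode", "value": "basic_html"},
    {"account": "alice", "action": "set_language", "old": "fa", "new": "en"},
    *[{"account": "alice", "action": "open_message", "id": i} for i in range(40)],
    *[{"account": "alice", "action": "mark_unread", "id": i} for i in range(0, 40, 2)],
    {"account": "alice", "action": "delete_message", "category": "security_alert"},
    {"account": "alice", "action": "set_language", "old": "en", "new": "fa"},
    # Benign user: switches to English and reads a few messages.
    {"account": "bob", "action": "set_language", "old": "de", "new": "en"},
    *[{"account": "bob", "action": "open_message", "id": i} for i in range(5)],
]

BULK_OPEN_THRESHOLD = 25  # assumed tuning value, adjust to your own baseline


def indicators(events):
    """Walk events in order and return {account: set of matched indicator names}."""
    found = defaultdict(set)
    opened = defaultdict(set)   # message ids opened per account
    lang_before = {}            # language in use before a switch to English
    for e in events:
        acct, action = e["account"], e["action"]
        if action == "view_mode" and e["value"] == "basic_html":
            found[acct].add("basic_html_view")
        elif action == "set_language":
            if e["new"] == "en" and e["old"] != "en":
                lang_before[acct] = e["old"]
            elif lang_before.get(acct) == e["new"]:
                found[acct].add("language_switched_to_en_and_back")
        elif action == "open_message":
            opened[acct].add(e["id"])
            if len(opened[acct]) >= BULK_OPEN_THRESHOLD:
                found[acct].add("bulk_open")
        elif action == "mark_unread" and e["id"] in opened[acct]:
            found[acct].add("opened_mail_marked_unread")
        elif action == "delete_message" and e.get("category") == "security_alert":
            found[acct].add("security_alert_deleted")
    return dict(found)


def suspicious_accounts(events, min_indicators=3):
    """Accounts matching several of the behaviours at once, to limit false positives."""
    return sorted(a for a, s in indicators(events).items() if len(s) >= min_indicators)
```

Requiring several indicators together matters because each one alone (a language change, a basic HTML session) is common in legitimate use.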

Iran targets

According to the Mountain View giant, the tool has only been used against victims located in Iran, so far. But that doesn’t stop it from being acquired and used by more cybercriminal groups in other regions.

All targets who have a Gmail account were notified by the company, which recommended that high-risk users sign up for the Advanced Protection Program (APP) offered by the big tech company. The company also recommended enabling Enhanced Safe Browsing at the Google account level to strengthen account security.