After China, Russia or Israel, we will have to be wary of the Iranian state. This was announced by Google, which has discovered that hackers had created a tool capable of siphoning Internet users' emails. In its latest report (TAG), Google explains that it got its hands on this tool to determine how dangerous it is, and it is able to recover .
Its name? Hyperscrape. A data extraction tool, it is said to have been designed in 2020 by the Charming Kitten collective, supported by the Iranian government. Its targets? Highly placed personalities. "We saw it deployed against two dozen accounts located in Iran," writes Google in its report. "The oldest known sample is from 2020 and the tool is still under active development. We have taken steps to secure these accounts again and have informed victims through our warnings about these government-backed hackers."
Google's protection tricked
The most worrying thing is that the hackers do not need to install malware on the targeted PC. In fact, they just need the account's credentials or a cookie pulled from the victim's browser. First, the tool creates a Download folder in which to store all the emails.
Then the tool tricks Google's protection by posing as an outdated browser. This forces a basic display. Once logged in, the tool changes the account's language settings to English and scans the contents of the mailbox, individually downloading messages as .eml files.
The victim does not notice anything
After the program finishes downloading the inbox, it resets the language to its original setting and deletes all the Google security alerts. It puts the emails back to "unread" if necessary. As a result, the victim does not even realize that their correspondence has been siphoned off, since they received no warning of access to their account, as is the case when one connects from another or one .
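As an added example (not taken from Google's report or from the original article), the behaviours described above can be combined into a session-level detection heuristic. The event schema, field names and threshold are hypothetical, and the sample events are constructed.

```python
# Added example: hypothetical event schema, not a real Google log format.
from collections import defaultdict

BULK_FETCH_THRESHOLD = 50  # assumed cut-off for "scanning the whole mailbox"

def hyperscrape_indicators(events):
    """Return the set of article-described behaviours seen in one session."""
    found = set()
    lang_before = None  # language the account had before a switch to English
    fetches = 0
    for ev in events:   # events are assumed to be in time order
        kind = ev["action"]
        if kind == "login" and ev.get("outdated_browser"):
            found.add("outdated_browser_login")
        elif kind == "language_change":
            if ev["new"] == "en" and ev["old"] != "en":
                lang_before = ev["old"]
            elif lang_before is not None and ev["new"] == lang_before:
                found.add("language_flipped_and_restored")
        elif kind == "message_fetch":
            fetches += 1
        elif kind == "mark_unread":
            found.add("messages_reset_to_unread")
        elif kind == "message_delete" and ev.get("category") == "security_alert":
            found.add("security_alert_deleted")
    if fetches >= BULK_FETCH_THRESHOLD:
        found.add("bulk_individual_fetch")
    return found

def flag_sessions(events, min_indicators=3):
    """Group events by session; return {session_id: indicators} for flagged ones."""
    by_session = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        by_session[ev["session"]].append(ev)
    hits = {sid: hyperscrape_indicators(evs) for sid, evs in by_session.items()}
    return {sid: h for sid, h in hits.items() if len(h) >= min_indicators}

def sample_events():
    """Constructed sample: a scraping-like session (s1) and an ordinary one (s2)."""
    s1 = [{"action": "login", "outdated_browser": True},
          {"action": "language_change", "old": "fa", "new": "en"}]
    s1 += [{"action": "message_fetch"}] * 60
    s1 += [{"action": "mark_unread"},
           {"action": "language_change", "old": "en", "new": "fa"},
           {"action": "message_delete", "category": "security_alert"}]
    s2 = [{"action": "login", "outdated_browser": False},
          {"action": "message_fetch"},
          {"action": "message_delete", "category": "promo"}]
    return ([dict(e, ts=i, session="s1") for i, e in enumerate(s1)] +
            [dict(e, ts=i, session="s2") for i, e in enumerate(s2)])
```

No single indicator is conclusive on its own, which is why the heuristic requires several of them within the same session.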
The good news, or rather the lesser evil, is that the latest version of the malware is no longer compatible with a Google function that allows anyone with a Google account to create an archive with all their emails, photos, videos, calendar… Initially, Hyperscrape was able to retrieve the cookies and the account name necessary to carry out this archiving.