With this tool hackers can download all your emails!

Backed by Iran, a hacker collective has developed a utility capable of siphoning off Gmail, Yahoo and Outlook inboxes. For the moment, it is only used in Iran against prominent figures, but the way it operates is formidable.

After China, Russia or Israel, we will now have to be wary of the Iranian state. So says Google, which has discovered that hackers backed by Iran have created malware capable of siphoning off internet users' emails. In its latest report, Google's Threat Analysis Group (TAG) explains that it got its hands on the tool to determine how dangerous it is, and that it can retrieve emails from Gmail, Yahoo and Outlook.

Its name? Hyperscrape. A data extraction utility, it is said to have been designed in 2020 by the Charming Kitten collective, which is backed by the Iranian government. Its targets? High-ranking figures. "We saw it deployed against two dozen accounts located in Iran," writes Google in its report. "The oldest known sample is from 2020 and the tool is still under active development. We have taken steps to secure these accounts again and have informed victims through our warnings about these government-backed hackers."

Google's protection fooled

The most worrying thing is that the hackers do not need to install malware on the targeted PC. In fact, they just need the victim's account credentials or cookies extracted from the victim's browser. First, the tool creates a Download folder on the hard disk to store all the emails there.

Then the tool fools Google's protection by posing as an outdated browser. This forces Gmail to display in basic HTML. Once logged in, the tool changes the account's language setting to English and scans the contents of the mailbox, downloading messages individually as .eml files.

The victim does not notice anything

After the program finishes downloading the inbox, it resets the language to its original setting and deletes all Google security emails. It marks emails as unread again if necessary. As a result, the victim does not even realize that their correspondence has been siphoned off, since they receive no warning of access to their account, as is the case when one connects from another computer or mobile device.
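The behaviours described above (a basic HTML session, a language switch to English and back, messages reset to unread, deleted security emails) can be correlated per session to spot this kind of access. The following is an added example, not code from Google's report or from this article; the event schema, field values and sample events are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample events as (session, action, value). This schema is
# hypothetical; map it onto whatever mail/account audit log you actually have.
SAMPLE_EVENTS = [
    ("s1", "view_mode", "basic_html"),       # outdated browser forced basic HTML
    ("s1", "language_change", "fa->en"),
    ("s1", "message_open", "msg-001"),
    ("s1", "message_open", "msg-002"),
    ("s1", "mark_unread", "msg-001"),
    ("s1", "delete", "security_alert"),
    ("s1", "language_change", "en->fa"),     # original language restored
    ("s2", "language_change", "fr->en"),     # ordinary user switching language
    ("s2", "message_open", "msg-100"),
]

def session_indicators(events):
    """Return the set of behaviours from the article seen in one session."""
    found, opened, original_lang = set(), set(), None
    for _session, action, value in events:
        if action == "view_mode" and value == "basic_html":
            found.add("basic_html_view")
        elif action == "language_change":
            old, new = value.split("->")
            if new == "en" and old != "en":
                original_lang = old          # remember what to expect on restore
            elif old == "en" and new == original_lang:
                found.add("language_round_trip")
        elif action == "message_open":
            opened.add(value)
        elif action == "mark_unread" and value in opened:
            found.add("reset_to_unread")     # read state rolled back after opening
        elif action == "delete" and value == "security_alert":
            found.add("security_mail_deleted")
    return found

def flag_sessions(events, threshold=3):
    """Group events by session; flag those showing >= threshold indicators."""
    by_session = defaultdict(list)
    for ev in events:
        by_session[ev[0]].append(ev)
    flagged = {}
    for sid, evs in by_session.items():
        indicators = session_indicators(evs)
        if len(indicators) >= threshold:
            flagged[sid] = sorted(indicators)
    return flagged
```

No single indicator is conclusive on its own, which is why the rule requires several in the same session before flagging it.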

The good news, or rather the lesser evil, is that the latest version of the malware is no longer compatible with Google Takeout. This function allows anyone with a Google account to create an archive of all their emails, photos, videos, calendar… Initially, Hyperscrape was able to retrieve the cookies and the account name necessary to carry out the archiving.
