Hackers have developed a new application that downloads Gmail, Yahoo, and Outlook mailboxes.

Iranian state-sponsored hackers have developed a new tool that can download Gmail, Yahoo, and Outlook mailboxes and is being used against unknown high-profile targets. According to recent research from Google’s Threat Investigation Group (TAG), which obtained a version of the program and conducted an analysis to determine how harmful it is. The technology in question is named HYPERSCAPE and was created in 2020 by the government-backed group Charming Kitten.

Charming Kitten attacks

According to Google, the tool operates on the attacker’s endpoint, which eliminates the need for victims to be duped into installing malware. They must, however, have their account credentials hacked or session cookies taken for the attacker to get into their account. After that, the malware will deceive the email provider into thinking it is being viewed using an old browser and will convert to a simple HTML display. Then, it will convert the language of the inbox to English, begin reading emails one by one and download them into the.eml format. Email communications that were tagged as unread before the assault will also be classed as unread following the attack. When this is done, it will remove any warning emails, return the language to its original condition, and vanish. The software has only been used against a few dozen accounts, all of which are based in Iran.

Google claims to have contacted all of them through its Government Backed Attacker Warnings service. TAG stated that the program was created in.NET for Windows PCs and that it was tested using Gmail, however software could change for Yahoo! and Microsoft accounts. In previous versions of HYPERSCAPE, threat actors may also request data through Google Takeout, a service that allows users to export their data to a downloadable archive file. However, this feature was inaccessible in the recent version.