Google confirmed that the detected tool can be ‘used to steal user data from Gmail, Yahoo!, and Microsoft Outlook accounts’.
Google, parent company of Gmail, is warning users of the popular email service about a security breach that makes it possible for hackers to read their emails. The threat was detected by Google’s Threat Analysis Group (TAG), which disclosed that it is targeting a small group of users based in Iran, Forbes News reports.
According to the TAG report, the threat comes from an espionage group that it says is backed by the Iranian government. The group is reportedly known as Charming Kitten and runs a tool called Hyperscrape, designed to steal user data from email services including Gmail, Yahoo and Outlook. The report, written by TAG’s Ajax Bash, said:
The attacker runs HYPERSCRAPE on their own machine to download victims’ inboxes using previously acquired credentials. We have seen it deployed against fewer than two dozen accounts located in Iran.
The article added that Google has since notified the affected users while taking action to re-secure those accounts.
Although only a handful of carefully-selected Iran-based users of Gmail were targeted by Hyperscrape, for those people, having their emails read is a dangerous threat to their lives.
Additionally, in order for Hyperscrape to be executed, the attackers need to have already acquired the victim’s user credentials. This, again, reduces the chances that everyday users will be affected. If an attacker has your user credentials, then it’s pretty much game over anyway. Google’s TAG report explained how the tool works:
Once logged in, the tool changes the account’s language settings to English and iterates through the contents of the mailbox, individually downloading messages as .eml files and marking them unread. After the program has finished downloading the inbox, it reverts the language back to its original settings and deletes any security emails from Google.
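The sequence in the TAG description above (language switched to English, messages marked unread, language restored, security emails deleted) can be expressed as a behavioural check over account-activity events. This is an added example, not code from the article or from Google; the event schema (`action`, `old`, `new`, `category`), the thresholds and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict

def matches_sequence(evs, min_marked, window):
    """True if one account's time-ordered events follow the described order."""
    for i, start in enumerate(evs):
        # Step 1: display language switched to English from another language.
        if not (start["action"] == "language_change"
                and start["new"] == "en" and start["old"] != "en"):
            continue
        marked, reverted = 0, False
        for ev in evs[i + 1:]:
            if ev["ts"] - start["ts"] > window:
                break                # too slow to be one automated session
            if ev["action"] == "mark_unread" and not reverted:
                marked += 1          # Step 2: messages flipped back to unread
            elif ev["action"] == "language_change" and ev["new"] == start["old"]:
                reverted = True      # Step 3: original language restored
            elif (reverted and marked >= min_marked and ev["action"] == "delete"
                  and ev.get("category") == "security_alert"):
                return True          # Step 4: security notification removed
    return False

def flag_accounts(events, min_marked=3, window=3600):
    """Group events by account and return the sorted accounts that match."""
    by_account = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        by_account[ev["account"]].append(ev)
    return sorted(a for a, evs in by_account.items()
                  if matches_sequence(evs, min_marked, window))

def _ev(ts, account, action, **extra):
    return {"ts": ts, "account": account, "action": action, **extra}

# Constructed sample events (hypothetical schema, not a real Google log format).
A, B, C = "a@example.test", "b@example.test", "c@example.test"
SAMPLE = [_ev(0, acct, "language_change", old="fa", new="en") for acct in (A, B, C)]
for acct in (A, C):  # full sequence; C's deletion falls outside the default window
    SAMPLE += [_ev(t, acct, "mark_unread") for t in (5, 10, 15)]
    SAMPLE.append(_ev(20, acct, "language_change", old="en", new="fa"))
SAMPLE.append(_ev(25, A, "delete", category="security_alert"))
SAMPLE.append(_ev(5000, C, "delete", category="security_alert"))
# B is an ordinary user: one language change, one unread flag, unrelated delete.
SAMPLE += [_ev(30, B, "mark_unread"), _ev(60, B, "delete", category="newsletter")]

if __name__ == "__main__":
    print(flag_accounts(SAMPLE))
```

The time window and the minimum number of unread flags are tuning knobs: widening the window catches slower sessions at the cost of more false positives.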