Iranian hacker group infiltrates Gmail, Outlook, Yahoo! Mail

Hackers have discovered a new way to access and download inbox data for Gmail, Yahoo and Outlook users.

According to the Google Threat Analysis Group (TAG), the Iranian government-sponsored hacking group Charming Kitten has been using a tool called ‘Hyperscrape’ to gain access to the inboxes of around two dozen notable users and download their data.

Hyperscrape was first discovered by TAG in December of last year, but the earliest known instances of the software in use date back to 2020.

The tool uses stolen cookies or account details to access an account. The hackers then trick the email service into thinking the browser is out of date, so the service displays the mailbox in plain HTML. From there, they change the language to English and can open and download emails individually.

To cover their tracks, the hackers mark the emails as unread, delete the warning emails, return the language to its original setting, and slip away.
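The behaviours described above can be combined into a per-session detection heuristic. The following is an added example, not code from TAG or from the original article; the event schema, field names, indicator names and threshold are assumptions, and the sample events are constructed.

```python
from collections import defaultdict

# Constructed audit events; the schema (session, ts, action, ...) is hypothetical,
# not a real mail provider's log format.
EVENTS = [
    {"session": "s1", "ts": 1, "action": "set_language", "old": "fa", "new": "en", "view": "basic_html"},
    {"session": "s1", "ts": 2, "action": "open", "msg": "m1", "view": "basic_html"},
    {"session": "s1", "ts": 3, "action": "mark_unread", "msg": "m1", "view": "basic_html"},
    {"session": "s1", "ts": 4, "action": "delete", "msg": "m9", "security_alert": True},
    {"session": "s1", "ts": 5, "action": "set_language", "old": "en", "new": "fa"},
    # Benign session: a user re-flags one mail as unread and deletes a newsletter.
    {"session": "s2", "ts": 1, "action": "open", "msg": "m3"},
    {"session": "s2", "ts": 2, "action": "mark_unread", "msg": "m3"},
    {"session": "s2", "ts": 3, "action": "delete", "msg": "m4", "security_alert": False},
]

def indicators(session_events):
    """Return the scraper-like behaviours seen in one session's time-ordered events."""
    hits, opened, original = set(), set(), None
    for e in session_events:
        if e.get("view") == "basic_html":          # mailbox served in the plain HTML view
            hits.add("basic_html_view")
        action = e["action"]
        if action == "set_language":
            if original is None and e["new"] == "en" and e["old"] != "en":
                original = e["old"]                # remember the language before the switch
            elif original is not None and e["new"] == original:
                hits.add("language_toggled_back")  # English, then back to the original
        elif action == "open":
            opened.add(e["msg"])
        elif action == "mark_unread" and e["msg"] in opened:
            hits.add("read_then_marked_unread")
        elif action == "delete" and e.get("security_alert"):
            hits.add("security_alert_deleted")
    return hits

def suspicious_sessions(events, threshold=3):
    """Group events by session and report sessions with at least `threshold` indicators."""
    by_session = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        by_session[e["session"]].append(e)
    flagged = {}
    for session, evs in by_session.items():
        hits = indicators(evs)
        if len(hits) >= threshold:
            flagged[session] = sorted(hits)
    return flagged
```

A single indicator, such as one email marked unread after reading, is common in normal use, which is why the sketch only reports sessions where several of them occur together.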

TAG believes the known attacks were politically motivated. While the tool works quickly and is difficult to detect, Google has learned a lot about Hyperscrape, reporting that it is written in .NET for Windows.

TAG, which has purchased a copy of the test and analysis tool, has yet to test it for Yahoo and Outlook, and has confirmed that it may behave differently than it does with Gmail.

Cookie theft is a growing trend in cybercrime, according to a Sophos report. Stolen cookies allow hackers to gain access to accounts without having to worry about multi-factor authentication, since the browser session is already treated as logged in.

