A malware tool that can access inboxes in Gmail, Yahoo! and Outlook, among other e-mail services, is being used by Iranian hackers to extract data from compromised accounts. The tool was detailed by Google on Tuesday, the 23rd.
The threat was named HYPERSCRAPE in December last year by experts from Google’s Threat Analysis Group (TAG). According to them, the program runs on the attacker’s own device and does not require the victim to download any malware.
Cybercriminals only need access to the target’s account credentials or browser session cookies. After this step, the tool tricks the email service into detecting the account access as coming from an old browser, which sets the service up to use the basic HTML view.
Next, HYPERSCRAPE changes the language of the inbox to English, opens all the emails contained in it and downloads them in .eml format. After the process is complete, the tool deletes all security messages generated by the illegal activity and returns the platform configuration to its previous state, including marking messages as unread again.
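As an added illustration (not from Google's report or the original article), the behaviour chain described above can be turned into a session-level detection heuristic. The event fields, action names and thresholds below are hypothetical, and the sample events are constructed.

```python
from collections import defaultdict

# Constructed mailbox audit events; field and action names are hypothetical,
# not any provider's real log schema.
EVENTS = [
    {"ts": 0, "session": "s1", "action": "ui_mode", "value": "basic_html"},
    {"ts": 2, "session": "s1", "action": "language", "value": "en", "old": "fa"},
    *[{"ts": 5 + i, "session": "s1", "action": "open", "msg": f"m{i}"} for i in range(40)],
    *[{"ts": 50 + i, "session": "s1", "action": "mark_unread", "msg": f"m{i}"} for i in range(30)],
    {"ts": 90, "session": "s1", "action": "delete", "msg": "a1", "label": "security_alert"},
    {"ts": 92, "session": "s1", "action": "language", "value": "fa", "old": "en"},
    # s2: an ordinary user who switches language and reads two messages
    {"ts": 10, "session": "s2", "action": "language", "value": "en", "old": "fa"},
    {"ts": 20, "session": "s2", "action": "open", "msg": "m1"},
    {"ts": 30, "session": "s2", "action": "open", "msg": "m2"},
]

def indicators(events, bulk_threshold=25):
    """Return the set of HYPERSCRAPE-like behaviours seen in one session."""
    found, opened, original = set(), set(), None
    for e in sorted(events, key=lambda e: e["ts"]):
        action = e["action"]
        if action == "ui_mode" and e["value"] == "basic_html":
            found.add("basic_html_view")
        elif action == "language":
            if e["value"] == "en" and e["old"] != "en":
                found.add("language_set_to_english")
                original = e["old"]          # remember what to expect on restore
            elif original is not None and e["value"] == original:
                found.add("language_restored")
        elif action == "open":
            opened.add(e["msg"])
        elif action == "mark_unread" and e["msg"] in opened:
            found.add("opened_then_marked_unread")
        elif action == "delete" and e.get("label") == "security_alert":
            found.add("security_alert_deleted")
    if len(opened) >= bulk_threshold:
        found.add("bulk_open")
    return found

def flag_sessions(events, min_indicators=4):
    """Group events by session and keep sessions matching enough indicators."""
    by_session = defaultdict(list)
    for e in events:
        by_session[e["session"]].append(e)
    hits = {s: indicators(ev) for s, ev in by_session.items()}
    return {s: sorted(i) for s, i in hits.items() if len(i) >= min_indicators}

if __name__ == "__main__":
    for session, seen in flag_sessions(EVENTS).items():
        print(session, seen)
```

No single indicator is suspicious on its own; the heuristic flags a session only when several steps of the described sequence occur together.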
Iranian targets
According to the Mountain View giant, the tool has so far only been used against victims found in Iran. But that doesn’t stop it from being acquired and used by more cybercriminal groups in other regions.
All targets with Gmail accounts were notified by the company, which recommended that high-risk users sign up for its Advanced Protection Program (APP). The company also recommended using Enhanced Safe Browsing at the Google account level to strengthen account security.
Source: Tec Mundo