Top email platforms prone to Charming Kitten cyberattacks

September 2, 2022

The Iran-based Charming Kitten hacking group has been using a new malicious tool dubbed Hyperscraper, which helps them download email messages from the three most utilised email platforms: Gmail, Yahoo!, and MS Outlook.

Based on the details recently shared by researchers from Google, Hyperscraper is a very effective hacking tool, although they are dubious about its sophistication. The tool was initially detected last December and is still under active development today.

Hyperscraper's main feature is stealing email data from the email platforms most used by people and entities worldwide. Once it has intruded into an email account, the stolen data are saved to its system.

Furthermore, researchers explained that the malicious tool has an inbuilt web browser that pretends to be outdated so that it can display a basic HTML view when scanning a Gmail account's content. Monitoring reports on Hyperscraper found that the number of Iran-based email accounts it was used on might be fewer than two dozen, implying that it was only a small-scale campaign.

Once inside a compromised server, the tool will connect and communicate with the hackers' C2 server, which tells it when to begin the attack. Through command-line arguments, the hackers also configure the tool's required parameters: the path to the targeted machines' valid cookie file, the operation mode, or an identifier string.

When the valid cookie file has been analysed and successfully accessed, the tool will add it to the web browser’s local cache and create a new download folder to store the harvested content from the targeted email inbox.

The hackers initially scan through the email inbox and download all selected messages as .eml files before storing them in the download folder. To lessen the victim's suspicion, the hackers will mark the messages as 'unread.' They also delete all sign-in attempts and security alert notifications to erase their tracks.

Users of the top email platforms, such as Google, Yahoo!, and MS Outlook, must be vigilant about their account’s safety, especially if their inboxes contain confidential messages that hackers might take advantage of for further attacks.
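For defenders who can export mailbox activity, the track-covering behaviour described above (messages opened and then flipped back to unread, security alert mail deleted, a basic HTML view in use) can be turned into a simple per-session check. The following is an added example, not code from Google's researchers or from Hyperscraper itself; the event schema, field names, keywords and sample rows are constructed assumptions rather than any provider's real log format.

```python
from collections import defaultdict

# Constructed audit rows in a hypothetical schema: (session, view, action, msg, subject).
_ROWS = [
    ("s1", "standard", "read", "m1", "Lunch?"),
    ("s1", "standard", "delete", "m2", "Weekly newsletter"),
    ("s2", "basic_html", "read", "m3", "Contract draft"),
    ("s2", "basic_html", "mark_unread", "m3", "Contract draft"),
    ("s2", "basic_html", "read", "m4", "Travel plans"),
    ("s2", "basic_html", "mark_unread", "m4", "Travel plans"),
    ("s2", "basic_html", "delete", "m5", "Security alert: new sign-in"),
]
FIELDS = ("session", "view", "action", "msg", "subject")
SAMPLE_EVENTS = [dict(zip(FIELDS, row)) for row in _ROWS]

# Assumed subject keywords for sign-in and security notifications.
ALERT_KEYWORDS = ("security alert", "new sign-in", "sign-in attempt")


def suspicious_sessions(events, min_reverted=2):
    """Return {session: [signals]} for sessions that hide their own activity."""
    opened, reverted = defaultdict(set), defaultdict(set)
    alerts_deleted, basic_view = defaultdict(int), set()
    for ev in events:
        sid, subject = ev["session"], ev["subject"].lower()
        if ev["view"] == "basic_html":
            basic_view.add(sid)
        if ev["action"] == "read":
            opened[sid].add(ev["msg"])
        elif ev["action"] == "mark_unread" and ev["msg"] in opened[sid]:
            reverted[sid].add(ev["msg"])  # opened in this session, then hidden again
        elif ev["action"] == "delete" and any(k in subject for k in ALERT_KEYWORDS):
            alerts_deleted[sid] += 1
    findings = {}
    for sid in sorted({ev["session"] for ev in events}):
        signals = []
        if len(reverted[sid]) >= min_reverted:
            signals.append("read_then_unread")
        if alerts_deleted[sid]:
            signals.append("security_alert_deleted")
        if sid in basic_view:
            signals.append("basic_html_view")
        # Basic HTML view alone is a weak signal; require a track-covering one too.
        if any(s != "basic_html_view" for s in signals):
            findings[sid] = signals
    return findings


if __name__ == "__main__":
    print(suspicious_sessions(SAMPLE_EVENTS))
```

The `min_reverted` threshold is a tuning knob: users do occasionally re-mark a message as unread, so a single occurrence is not flagged.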
