The government-backed group known as Charming Kitten originally developed a hacking tool called Hyperscape in 2020.
Hackers Have A New Tool to Access Gmail, Yahoo and Outlook inboxes
See Also: Indian Hackers Allegedly Attack ARY Digital YouTube Channel According to Google, the tool works on the attacker’s endpoint. Victims don’t have to be tricked into downloading any malware. Instead, hackers control the tool from their end, taking advantage of vulnerabilities, such as compromised account credentials or stolen session cookies, in order to access an account. After that, the tool will trick the email service into thinking that the user has accessed to it through an outdated browser, and will switch to the basic HTML view. Soon after, it will change the inbox’s language to English, start opening emails one by one, and download them into the .eml format. All those unread emails will remain unread after the attack. After downloading all emails, the tool will delete any warning emails. Then it will revert the language back to its original state and disappear. According to Google, the hackers have used this tool against two dozen accounts, all located in Iran. Google says it notified all of them via its Government Backed Attacker Warnings. The tool was written in .NET for Windows PCs. TAG further revealed that the tool is tested with Gmail, “although functionality may differ for Yahoo! and Microsoft accounts”.
