Hackers have a new tool that downloads Gmail Yahoo Outlook inboxes TechRadar Skip to main content TechRadar is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Here's why you can trust us. Hackers have a new tool that downloads Gmail Yahoo Outlook inboxes By Sead Fadilpašić published 23 August 2022 Iranian state-sponsored actors are behind the attacks, says Google (Image credit: Shutterstock) Audio player loading… Iranian state-sponsored hackers have built a new tool capable of downloading Gmail, Yahoo, and Outlook inboxes, and are using it against unknown high-profile targets. This is according to a new report from Google's Threat Analysis Group (TAG), which managed to obtain a version of the tool and perform an analysis to see just how dangerous it is. As per the report, the tool in question is called HYPERSCAPE, and was built back in 2020 by the government-backed group known as Charming Kitten. Charming Kitten attacks According to Google, the tool works on the attacker's endpoint, which means victims don't have to be tricked into downloading any malware. They do, however, need to either have their account credentials compromised or session cookies stolen, as the attacker first needs to log into their account. Once that step is achieved, the tool will trick the email service into thinking it's being accessed via an outdated browser, and will switch to the basic HTML view.Read more> Iranian hackers blamed for Fortinet and Microsoft Exchange hacks (opens in new tab) > What happens when we unmask the hackers? (opens in new tab) > Remove viruses and ransomware with the best malware removal services out there (opens in new tab) After that, it will change the inbox's language to English, start opening emails one by one, and download them into the .eml format. Email messages that were marked as unread before the attack will be marked as unread afterward as well. Once that stage is done, it will delete any warning emails, revert the language back to its original state and disappear. Apparently, the tool has so far been used against no more than two dozen accounts, all located in Iran. Google says it notified all of them via its Government Backed Attacker Warnings. The tool was written in .NET for Windows PCs, TAG added, saying it tested it with Gmail, "although functionality may differ for Yahoo! and Microsoft accounts". Earlier versions of HYPERSCAPE also allowed threat actors to request data from Google Takeout, a feature allowing users to export their data to a downloadable archive file. The feature doesn't seem to be available in the latest version, however. These are the best identity theft protection (opens in new tab) services available now Sead Fadilpašić Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he's written for numerous media outlets, including Al Jazeera Balkans. He's also held several modules on content writing for Represent Communications. See more Computing news Are you a pro? Subscribe to our newsletter Sign up to theTechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed! Thank you for signing up to TechRadar. You will receive a verification email shortly. There was a problem. Please refresh the page and try again. MOST POPULARMOST SHARED1The iPhone 14 Pro is made of the wrong stuff; the Pixel 7 proves that to me2Stop saying Mario doesn't have an accent in The Super Mario Bros. Movie3Google Pixel Tablet is what Apple should've done ages ago4RTX 4090 too expensive? Nvidia resurrects another old favorite5More than one million credit card details leaked online1Best laptops for designers and coders 2The iPhone 14 Pro is made of the wrong stuff; the Pixel 7 proves that to me3Stop saying Mario doesn't have an accent in The Super Mario Bros. Movie4iPhone 15 tipped to come with an upgraded 5G chip5Google Pixel Tablet is what Apple should've done ages ago Technology Magazines (opens in new tab)● (opens in new tab)The best tech tutorials and in-depth reviewsFrom$12.99 (opens in new tab)View (opens in new tab) Other versions of this page are available with specific content for the following regions:Deutschland