Google warns Gmail users about new cyberattack that can read their emails

Google confirmed that the detected tool can be ‘used to steal user data from Gmail, Yahoo!, and Microsoft Outlook accounts’.

Google warns Gmail users about new cyberattack that can read their emails
© Getty/ SOPA Images
Google warns Gmail users about new cyberattack that can read their emails

Google, parent company of Gmail, is warning users of the popular email service about a security breach that makes it possible for hackers to read their emails. The threat was detected by Google’s Threat Analysis Group (TAG) which disclosed that the threat is targeting a small group of users based in Iran, Forbes News reports.

Discover our latest podcast

Charming kitten

According to the TAG report, the threat is from an espionage group which it says is backed by the Iranian government. The threat group is reportedly known as Charming Kitten and runs the tool called Hyoerscraoe, designed to steal user data from email services including Gmail, Yahoo and Outlook. The report written by TAG’s Ajax Bush said:

The attacker runs HYPERSCRAPE on their own machine to download victims’ inboxes using previously acquired credentials. We have seen it deployed against fewer than two dozen accounts located in Iran.

The article added that Google has since notified the affected users while taking action to re-secure those accounts.

thumbnail
Getty/ Teera Konakan

Threat levels

Although only a handful of carefully-selected Iran-based users of Gmail were targeted by Hyperscrape, for those people, having their emails read is a dangerous threat to their lives.

Additionally, in order for Hyperscrape to be executed, the attackers need to have already acquired the victim's user credentials. This, again, reduces the chances that everyday users will be affected. If an attacker has your user credentials, then it's pretty much game over anyway. Google’s TAG report explained how the tool works:

Once logged in, the tool changes the account’s language settings to English and iterates through the contents of the mailbox, individually downloading messages as .eml files and marking them unread. After the program has finished downloading the inbox, it reverts the language back to its original settings and deletes any security emails from Google.

Read more:

Gmail attack: Hackers breach foolproof security settings to read your emails

Gmail: Two ways to protect your account from hackers

Gmail: Your email account is about to undergo these changes

Google issues massive warning to Gmail users Google issues massive warning to Gmail users