HYPERSCRAPE

Description

(Google) HYPERSCRAPE requires the victim’s account credentials to run using a valid, authenticated user session the attacker has hijacked, or credentials the attacker has already acquired. It spoofs the user agent to look like an outdated browser, which enables the basic HTML view in Gmail. Once logged in, the tool changes the account’s language settings to English and iterates through the contents of the mailbox, individually downloading messages as .eml files and marking them unread. After the program has finished downloading the inbox, it reverts the language back to its original settings and deletes any security emails from Google. Earlier versions contained the option to request data from Google Takeout, a feature which allows users to export their data to a downloadable archive file.

Names

Name
HYPERSCRAPE

Type

Exfiltration

Information

https://blog.google/threat-analysis-group/new-iranian-apt-data-extraction-tool/

Malpedia

https://malpedia.caad.fkie.fraunhofer.de/details/win.hyperscrape

Other Information

Uuid

1274a300-b39b-48f0-8648-8e0f46fe91fe

Last Card Change

2022-12-27

Threat Intelligence Garden

Explorer

HYPERSCRAPE

HYPERSCRAPE

Description

Names

Category

Type

Information

Malpedia

Other Information

Uuid

Last Card Change

Graph View

Table of Contents

Backlinks