You might almost believe that Dickens had a Gmail account when he wrote: “It was the best of times, it was the worst of times.” I jest, of course – he was a Hotmail kind of guy – but email security is a serious matter. There’s a reason that criminal and state-sponsored threat enterprises invest so much time in exploiting vulnerabilities in email clients. Gain access to the average email account’s data vault (financial details, personal information, business communications and password reset links), and you have the keys to the hacking kingdom. So, with a heavy heart, I read reports from two security research teams, one being Google’s own Threat Analysis Group (TAG), which revealed a couple of very nasty Gmail threats that can read all the target’s email messages.
Let’s start with the one that TAG disclosed in August, named HYPERSCRAPE – I’ll just call it Hyperscrape from now on – and used in a small number of successful attacks, as confirmed by Google. The group behind it is Charming Kitten, a known advanced persistent threat (APT) actor, which specialises in espionage and is affiliated with