Here’s some advice to protect yourself against hidden Gmail and outlook hacking tactics used by the VIP Keylogger and 0bj3ctivityStealer threat campaigns. It also includes information about apps that can help prevent phishing and malware attacks.
It’s no secret that hackers are after your account credentials, whether through fast attacks on Microsoft accounts or two-factor authentication bypass attacks on Google users. The main tactic in these attacks involves targeting your email with “do-not-click” messages or phishing threats.
Recently, security researchers have warned about VIP Keylogger and 0bj3ctivityStealer malware, which are cleverly hidden within email messages, making them harder to detect. Since Gmail and Outlook are two of the largest email platforms, users are advised to be especially cautious about these attacks. Here’s what you need to know.
How Hacking Threats Hide in Your Gmail and Outlook Email
Phishing threats are not new, but they continue to evolve. While many still rely on traditional tactics like tricking people into clicking on links or opening attachments, the latest report from HP Wolf security highlights a new, more dangerous approach. Hackers are now delivering malware through email, cleverly hiding it inside images. Two types of malware, VIP Keylogger and 0bj3ctivityStealer, are being spread this way.
Security experts have discovered that both threats use the same method of embedding malicious code within images. The VIP Keylogger can record keystrokes and capture sensitive data, such as app credentials and clipboard information. On the other hand, 0bj3ctivityStealer is designed to steal more specific data, like login details for accounts and credit card information. This new approach is more challenging to detect, making it even more dangerous for users.
Writing for Infosecurity Magazine, James Coker notes that these attacks show how hackers are reusing and combining different methods to make their campaigns more effective. In one case, emails pretending to be invoices or purchase orders carried the VIP Keylogger malware.
These emails contained multiple malicious images, one of which was viewed 29,000 times. For the 0bj3ctivityStealer threat, attackers sent archive files pretending to be requests for quotations. These would download an image from a remote server containing malicious code if opened.
Read Also: Here’s How To Encrypt Your Email – in Outlook, Gmail, and other Popular Email Services.
Mitigating The Phishing Dangers Hiding In Your Email
The Cyber Security Agency of Singapore (CSA) released an update on January 20 to its list of recommended security apps to enhance protection against phishing and malware attacks Gmail and outlook. Since the original list was created in 2023, CSA has tested these apps on Android and iOS devices, evaluating them in four areas: malware detection, phishing detection, network detection, and device integrity checks. “Network detection and device integrity checks are new categories added in this review,” said a CSA spokesperson. In total, six security apps made the updated list.
To explain the evaluation categories in more detail, CSA stated that malware detection tests involved installing security apps on devices and evaluating their ability to identify various types of malware, including original, altered, and hidden versions.
The tests focused on accessing selected phishing links across different platforms for phishing detection. This included in-app browsers, widely used browsers like Chrome for Android and Safari for iOS, as well as using a URL checker provided by the security app itself.
These tests assess how well the apps protect users from the most common and evolving threats. By testing in real-world scenarios, CSA ensures the apps effectively prevent phishing and malware attacks. As a result, users can make more informed decisions about which apps offer the best protection for their devices.
Network detection tests involve simulating attacks to see if the app can detect and warn the user, while device integrity checks focus on detecting unauthorized modifications like rooting and jailbreaking.
Read Also: Google’s Gmail—Do You Need A New Email Account or Not?
Although CSA acknowledges that no app can provide “absolute” cybersecurity and advises users to stay alert, practice good online habits, and follow anti-scam guidelines, it recommends the six security apps to “enhance mobile device protection against common malware and phishing threats.
According to HP Wolf researchers, Google has been developing new protections to safeguard billions of Gmail users from cyberattacks, including phishing and malware. In 2024, Andy Wen, Gmail’s senior director of product management, stated, “We’ve created several innovative AI models that have greatly improved Gmail’s cyber defenses, including a new large language model that we trained to detect phishing, malware, and spam.”
This new AI model has helped block 20% more spam than previous protections by more accurately detecting malicious patterns. We explained that another AI model acts like a supervisor for their existing defenses, instantly evaluating hundreds of threat signals when a suspicious message is flagged.
It then applies the necessary protection to prevent harm. These advancements in AI-driven security strengthen Gmail’s defense system and ensure that users are better protected against ever-evolving threats. With these tools in place, Google aims to make Gmail safer and more reliable for users worldwide.