Email Stealer — how hackers steal emails from outlook

AAccording to one projection [1], approximately 3.8 billion email accounts were in use in 2019. The number is expected to exceed half of the global population by 2022, with almost 300 billion emails being transmitted daily. You’ve probably heard of Gmail, Outlook, and Apple Mail. These are all email applications that are widely used to handle mails and are industry leaders. Although all of them are significant, our emphasis in this post will be on Outlook, a Microsoft email client.

1. Email Client

According to Statista [2], more than 72 percent of all computer users use the Windows operating system, which is why the usage of Outlook is growing on a daily basis since it comes preinstalled as part of the Microsoft Office Suite. Tech companies spend extensive amounts to preserve customers’ privacy and secure their private information. Although Outlook is considered a well-protected and trusted application because of its wellknown parent company Micorsoft, there are still several flaws linked with it in various ways. This article will discuss one of those flaws that attackers exploit to get unauthorized access to victims’ emails containing critical information.

2. Methodology

From the figure below, one can easily understand the flow of the proposed methodology. In this scenario, an attacker first convinces the victim to run the malicious code on his system or somehow manages to run it himself. This malicious script completes its work in multiple stages, such as fetching the emails, sending them to the attacker, and finally removing the traces from the victim machine. I will discuss these steps one by one in the coming sections with code snippets.

Proposed Methodology of Email Stealer
Proposed Methodology

3. Practical Implementation

a. Retirveing All Emails

The code presented here reads all the emails from the inbox folder from the Outlook client of the victim machine and then converts them to a CSV file and saves that file on the desktop with the name df.csv.

b. Email Design Using HTML

After retrieving all the emails, the next step is to send them to any of our email accounts. In this case, the victim’s email address is first obtained and then sent as part of the email body after compiling it with an HTML code compiler.

c. Sending As An Attachment

After you have complied HTML code, let's now send those emails as an attachment to the particular account that will hacker wished to collect emails on.

So far, so good. You have successfully received an email from the victim’s account with all the emails as an attachment. Although you have accomplished your objective as a hacker, there are still things to mess with. Have you imagined being discovered via the sent folder? What if victim examines his sent folder and discovers an attachment sent to your account without his knowledge or permission?

d. Removing Footprints

The answer to the above mentioned questions is that you must remove the footprints of this attack. But how? For this purpose, the next script will keep checking the sent folder and as soon as the hacker’s email address appears here, it will delete that email and the df.csv file from the desktop.

You may believe that because we are so far away from the victim, he cannot be aware of this malicious attempt, but this is not the case. There are still chances of being detected as deleted emails are stored in the bin folder. So, to fully clear the attack traces, we have to delete emails from the bin folder as well.

Yeah!!! You have done it. There are no traces of email stealing, and the victim will not know about any such activities. However, for future work, one could create an EXE file of this Python code to make execution easier and completely conceal his identity.



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Azhar Ghafoor

Azhar Ghafoor


Cybersecurity Researcher | Ethical Hacking | Data Analyst