Cybersecurity experts and users have been warned by Google about the potential abuse of Google Calendar by threat actors, according to a recent report. Hackers have shared a “proof of concept code” called “Google Calendar RAT (GCR)” on GitHub, which enables them to create a command and control infrastructure within Google Calendar. The script’s creator claims that it can establish a covert channel by utilizing the calendar’s event descriptions.
By placing commands in the event description field of Google Calendar events, hackers can control devices that have GCR installed. These devices regularly poll the event description for new commands, execute them, and write the command output back into the event description.
Although the proof of concept has been shared on unofficial forums, including the dark web, it has not yet been observed in real-world attacks.
Google’s Threat Analysis Group (TAG) discovered this new hacking method. TAG is responsible for monitoring and intervening in malware that targets reputable cloud providers and major cyber threat actors. This includes cloud-based computing and storage, as well as email and calendaring applications.
Using legitimate sources like Google Calendar gives hackers an advantage as it makes it more challenging for cybersecurity experts to detect and respond to the attacks. Google’s report emphasizes that this misuse and new cyberattack affect all cloud providers and their services.
Google has previously observed threat actors exploiting its products in their campaigns. For instance, the company detected an attack supported by the Iranian government using macro documents to infect users with BANANAMAIL, a .NET backdoor for Windows. The attacker used Gmail accounts as a command and control technique, but Google’s TAG was able to thwart the attack.
To mitigate the risk of these attacks, Google recommends adopting a defense-in-depth approach, using intrusion detection systems and network monitoring tools, and implementing a robust centralized logging system to monitor for anomalous behavior.
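As an added example (not taken from Google's report or from the GCR project), the sketch below shows one way centralized proxy logs could surface the regular polling described above: it flags non-browser processes that call the Google Calendar API at near-constant intervals. The log format, host and process names, browser allowlist and thresholds are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed proxy log: ISO timestamp, host, process, URL (format is an assumption).
SAMPLE_LOG = """\
2023-11-06T09:00:00 ws-014 updater.exe https://www.googleapis.com/calendar/v3/calendars/primary/events
2023-11-06T09:01:00 ws-014 updater.exe https://www.googleapis.com/calendar/v3/calendars/primary/events
2023-11-06T09:02:01 ws-014 updater.exe https://www.googleapis.com/calendar/v3/calendars/primary/events
2023-11-06T09:03:00 ws-014 updater.exe https://www.googleapis.com/calendar/v3/calendars/primary/events
2023-11-06T09:04:00 ws-014 updater.exe https://www.googleapis.com/calendar/v3/calendars/primary/events
2023-11-06T09:05:00 ws-014 updater.exe https://www.googleapis.com/calendar/v3/calendars/primary/events
2023-11-06T09:00:10 ws-022 chrome.exe https://www.googleapis.com/calendar/v3/users/me/calendarList
2023-11-06T09:07:42 ws-022 chrome.exe https://www.googleapis.com/calendar/v3/calendars/primary/events
2023-11-06T09:00:00 ws-031 sync.exe https://www.googleapis.com/calendar/v3/calendars/primary/events
2023-11-06T09:00:05 ws-031 sync.exe https://www.googleapis.com/calendar/v3/calendars/primary/events
2023-11-06T09:20:00 ws-031 sync.exe https://www.googleapis.com/calendar/v3/calendars/primary/events
2023-11-06T09:21:00 ws-031 sync.exe https://www.googleapis.com/calendar/v3/calendars/primary/events
2023-11-06T10:45:00 ws-031 sync.exe https://www.googleapis.com/calendar/v3/calendars/primary/events
"""

CALENDAR_API = "www.googleapis.com/calendar/"            # Google Calendar API prefix
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe"}  # assumed allowlist, tune locally

def parse(log):
    for line in log.splitlines():
        parts = line.split()
        if len(parts) == 4:  # skip malformed lines
            ts, host, proc, url = parts
            yield datetime.fromisoformat(ts), host, proc.lower(), url

def find_calendar_beacons(log, min_requests=5, max_jitter=0.2):
    # Collect Calendar API request times per (host, process), ignoring browsers.
    seen = defaultdict(list)
    for ts, host, proc, url in parse(log):
        if CALENDAR_API in url and proc not in BROWSERS:
            seen[(host, proc)].append(ts)
    alerts = []
    for (host, proc), times in sorted(seen.items()):
        if len(times) >= min_requests:
            times.sort()
            gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
            avg = mean(gaps)
            # Jitter = stddev/mean of the gaps; low values mean machine-like polling.
            jitter = pstdev(gaps) / avg if avg else 0.0
            if jitter <= max_jitter:
                alerts.append((host, proc, round(avg), round(jitter, 3)))
    return alerts

print(find_calendar_beacons(SAMPLE_LOG))
```

Treat the process allowlist as a noise filter only, and tune the request count and jitter thresholds against your own traffic baseline.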
In conclusion, the cybersecurity community and users should remain vigilant and follow these prevention tips to secure their systems and data against potential Google Calendar abuse.