Hackers have discovered a new method of using Google Calendar as a command and control infrastructure, a move that could pose significant challenges for the cybersecurity community, according to reports.
In the world of cybercrime, one of the biggest hurdles is how to get malware on an infected device to execute specific commands. Typically, cybercriminals use compromised servers as command and control (C2) infrastructure, but this approach is often quickly discovered and cut off by security professionals. However, if hackers were to leverage legitimate resources such as Google Calendar, it would be much harder for cybersecurity experts to detect and terminate the connection.
Google has issued a warning to the security community about a proof-of-concept (PoC) exploit called “Google Calendar RAT” (GCR), which is circulating on the dark web. According to its creator, who uses the alias MrSaighnal, the script creates a covert channel by exploiting event descriptions in the calendar. Once a device is infected, GCR periodically polls the Calendar event description for new commands, executes them, and updates the event description with the command output. While GCR has not yet been observed in active use, experts believe it’s only a matter of time.
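For defenders, the polling behaviour described above suggests a hunting heuristic: a non-browser process that reads the Calendar API at a steady interval and also updates events. The sketch below is an added example, not code from GCR or from Google. The log format, host names, process names, event id, browser allow-list and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed proxy/EDR records (time, host, process, method, URL); not real telemetry.
API = "https://www.googleapis.com/calendar/v3/calendars/primary/events"
SAMPLE_LOG = f"""\
2024-01-01T09:00:00 ws-14 chrome.exe GET https://calendar.google.com/calendar/u/0/r
2024-01-01T09:00:05 ws-22 updater.exe GET {API}/evt1
2024-01-01T09:00:10 ws-30 syncagent.exe GET {API}
2024-01-01T09:01:05 ws-22 updater.exe GET {API}/evt1
2024-01-01T09:02:06 ws-22 updater.exe GET {API}/evt1
2024-01-01T09:02:08 ws-22 updater.exe PATCH {API}/evt1
2024-01-01T09:03:05 ws-22 updater.exe GET {API}/evt1
2024-01-01T09:04:05 ws-22 updater.exe GET {API}/evt1
2024-01-01T09:04:07 ws-22 updater.exe PATCH {API}/evt1
2024-01-01T09:07:40 ws-30 syncagent.exe GET {API}
2024-01-01T09:08:02 ws-30 syncagent.exe GET {API}
2024-01-01T09:31:15 ws-30 syncagent.exe GET {API}
"""
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe"}  # assumed allow-list
API_PREFIX = "https://www.googleapis.com/calendar/v3/"

def find_calendar_beacons(log, min_reads=4, max_jitter=0.2):
    """Flag non-browser processes that read the Calendar API at a steady interval."""
    reads, writes = defaultdict(list), defaultdict(int)
    for line in log.strip().splitlines():
        ts, host, proc, method, url = line.split()
        if proc.lower() in BROWSERS or not url.startswith(API_PREFIX):
            continue
        if method == "GET":
            reads[(host, proc)].append(datetime.fromisoformat(ts))
        elif method in ("PUT", "PATCH"):
            writes[(host, proc)] += 1  # event updates: possible output channel
    findings = []
    for (host, proc), times in reads.items():
        if len(times) < min_reads:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        # Coefficient of variation: near 0 means timer-driven polling.
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            findings.append({"host": host, "process": proc, "interval_s": round(avg),
                             "reads": len(times), "writes": writes[(host, proc)]})
    return findings

if __name__ == "__main__":
    for finding in find_calendar_beacons(SAMPLE_LOG):
        print(finding)
```

A hit is a lead for triage rather than a verdict, since legitimate sync tools also call the Calendar API on a schedule; the write count and the identity of the calling process help separate the two.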
Hackers are increasingly turning to legitimate cloud services to deliver malware. For example, some threat actors have been observed using Google Docs’ share feature to distribute files with malicious links via email, bypassing email protection services as the messages appear to come from Google.
This development raises concerns within the cybersecurity community and highlights the ongoing challenges of combating cybercrime and protecting against new threats. For more information, visit TheHackerNews.