Hackers are trying to use Google Calendar to install viruses. The new method is spreading across the Internet and uses a previously unseen trick.
The extremely popular Google Calendar may become a tool in the hands of cybercriminals. Hackers have developed a new attack method that uses text fields contained in the service.
Google Calendar RAT – a new hacker tool attacks Google Calendar
Google has published its new Q3 Threat Horizons report, in which it warns about the latest trends among hackers and their activities. According to the authors, the new threat may be “cybercriminals potentially using Google Calendar.”
Internet fraudsters allegedly exchanged experimental code samples on the GitHub platform. The author of the method uses the pseudonym MrSaighnal and called it “Google Calendar RAT (GCR)”. RAT stands for Remote Administration Tool; such tools allow an operator to take control of a system remotely. According to reports, the code can be used as C2, or Command and Control, infrastructure.
As the method description shows, the code allows you to create a hidden communication channel by using event descriptions in Google Calendar. Criminals can then enter commands into the text field to be executed.
The GCR virus is supposed to regularly check descriptions and execute commands on the infected computer. After performing a malicious action, the program will also modify the event description, updating it with new commands.
Google Calendar virus – criminals use the company’s services
According to the report, GCR has not yet been used in real attacks. However, the prototype has been circulating on dark web forums for some time, and was recently made public on GitHub. Therefore, it seems that the implementation of the method may only be a matter of time.
Detecting the new threat may be extremely difficult because the code runs under the cover of a completely legitimate program, such as Calendar. MrSaighnal adds that the victim “connects directly to Google”, which can significantly delay the detection of suspicious commands.
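One detection angle for the regular polling described above, as an added example (not code from the report or from the GCR project): group Calendar API requests by host and process, then flag non-browser processes whose request intervals are nearly constant. The log format, host and process names, browser allow-list and thresholds are assumptions made for the illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev
from urllib.parse import urlsplit

BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe"}  # assumed allow-list
API_HOST, API_PATH = "www.googleapis.com", "/calendar/"  # Calendar API endpoint

def find_pollers(lines, min_events=6, max_jitter=0.1):
    """Return {(host, process): mean interval in seconds} for fixed-interval pollers."""
    seen = defaultdict(list)
    for line in lines:
        ts, host, proc, url = line.split()
        u = urlsplit(url)
        if u.hostname == API_HOST and u.path.startswith(API_PATH):
            seen[(host, proc.lower())].append(datetime.fromisoformat(ts))
    hits = {}
    for (host, proc), stamps in seen.items():
        if proc in BROWSERS or len(stamps) < min_events:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        # Coefficient of variation: near 0 means machine-like, fixed-interval polling.
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            hits[(host, proc)] = round(avg, 1)
    return hits

def constructed_sample():
    """Constructed records, not real telemetry: time, host, process, URL."""
    t0 = datetime(2023, 11, 6, 9, 0, 0)
    url = "https://www.googleapis.com/calendar/v3/calendars/primary/events"
    def row(offset, host, proc):
        return f"{(t0 + timedelta(seconds=offset)).isoformat()} {host} {proc} {url}"
    # Hypothetical non-browser process polling about every 30 s with small drift.
    rows = [row(30 * i + d, "ws-17", "python.exe") for i, d in enumerate([0, 1, -1, 2, 0, -2, 1, 0])]
    # A person using the calendar in a browser: irregular gaps, allow-listed process.
    rows += [row(o, "ws-17", "chrome.exe") for o in [5, 40, 300, 310, 900, 2000, 2100]]
    # Hypothetical sync tool: enough events, but the gaps are far from constant.
    rows += [row(o, "ws-22", "syncapp.exe") for o in [10, 70, 700, 720, 1500, 3000, 3050]]
    return rows

if __name__ == "__main__":
    for (host, proc), interval in find_pollers(constructed_sample()).items():
        print(f"{host} {proc}: Calendar API polled every ~{interval}s")
```

Seeing the URL path requires endpoint telemetry or a TLS-inspecting proxy; with hostname-only logs the same interval test still applies, but it covers every Google API served from that host.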
Using Google services is an increasingly popular attack method. Previously, hackers distributed malicious files using Google Docs. Malicious links created in the application were sent to the victim’s email address. Because the notification message came directly from a reputable company, the mailbox’s protection against viruses and fraud was bypassed.