Google Calendar Can Be Hacked, Says Google

According to a report by Tech Radar, Google issued a warning over “threat actors potentially abusing Google Calendar” in its Q3 Threat Horizons report, which was directed toward both the cybersecurity community and users.

Hackers have reportedly been releasing “proof of concept code” on GitHub. This code, dubbed “Google Calendar RAT (GCR),” is said to let hackers set up a command and control (C2) infrastructure within Google Calendar.

The person who developed the script, who goes by the moniker ‘MrSaighnal,’ asserts that it will construct a “covert channel” by making use of the event descriptions on the calendar.

As a consequence of this, hackers are granted the ability “to place commands in the event description field of Google Calendar events.” Google claims that a device equipped with GCR will automatically scan the Calendar event description in search of updated commands and then carry out those actions locally on the device. Following that, the event description will be modified to include the new command output.

According to the article, Mandiant has seen certain actors post the public “proof of concept” on unofficial forums such as those on the dark web; nevertheless, it has not yet been used in the wild.

Google’s Threat Analysis Group (TAG), which monitors and frequently disrupts malware that targets trusted cloud providers, along with major cyber threat actors, is credited with discovering the most recent hacking approach. These services, which are designed to improve workplace productivity, include email and calendaring applications as well as cloud-based computing and storage.

Google Calendar Can Be Hacked: Cyberattack Increase in Legitimate Servers

Hackers who use legitimate services, such as Google Calendar, gain an edge because it is much more difficult for cybersecurity specialists to identify the attack and disrupt it. This gives hackers an incentive to use genuine sources.

According to the research published by Google, this kind of misuse, as well as the new cyberattack, affects all cloud providers and the services they offer. According to the findings of the analysis, malicious software is increasingly being spread by cybercriminals through the use of trusted cloud providers.

In the “share” function of Google Docs, for instance, users can enter an email address, and Google will notify the recipient that they now have access to the file. Threat actors have been observed producing files that contain malicious URLs and distributing them to victims via email in this way. Because the emails came from Google, email protection systems ignored them.

Google has also seen threat actors use Google products as part of their efforts in the past. In March 2023, Google observed an attacker assisted by the Iranian government using macro documents to infect individuals with BANANAMAIL, a tiny .NET backdoor for Windows that uses email as C2.

The backdoor makes use of IMAP in order to establish a connection with a webmail account that is under the control of the attacker. It then reads emails in search of instructions, puts those instructions into action, and then sends back the results. The infection was using Gmail accounts that were under the control of the attacker as a C2 tactic, but Google’s Threat Analysis Group was able to stop it.

Google’s Cyberattack Prevention Tips

According to the paper, Google suggests to the community of cybersecurity experts several strategies for mitigating the effects of the most recent attack. One of these techniques is to “architect systems with a defense-in-depth approach,” which can help lower the likelihood of a cyber attack.

In addition, Google suggests that users “use an Intrusion Detection System (IDS) and network monitoring tools” in order to identify the activity flow that is created by attacks. Lastly, the study proposed building a “robust centralized logging” system to regularly monitor for “anomalous behavior.”
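As an illustration of the monitoring advice, the following added example (not from Google's report or the GCR project) searches centralized logs for the behavior described earlier: a process that polls one calendar event on a steady schedule and also writes back to it. The log format, host names, process names and allowlist are constructed assumptions, and it presumes telemetry (for example a TLS-inspecting proxy or endpoint agent) that records the process name and full URL.

```python
import re
import statistics
from collections import defaultdict
from datetime import datetime

BASE = "https://www.googleapis.com/calendar/v3/calendars/primary/events/"
# Constructed records: (time, host, process, HTTP method, event id). Not real telemetry.
_ROWS = [
    ("2023-11-06T09:00:00", "ws-022", "updater.exe", "GET", "evt123"),
    ("2023-11-06T09:01:00", "ws-022", "updater.exe", "GET", "evt123"),
    ("2023-11-06T09:01:40", "ws-014", "chrome.exe", "GET", "evt900"),
    ("2023-11-06T09:02:00", "ws-022", "updater.exe", "GET", "evt123"),
    ("2023-11-06T09:02:03", "ws-022", "updater.exe", "PATCH", "evt123"),
    ("2023-11-06T09:03:00", "ws-022", "updater.exe", "GET", "evt123"),
    ("2023-11-06T09:07:30", "ws-031", "calsync.exe", "GET", "evt555"),
]
SAMPLE_LOG = "\n".join(f"{t} {h} {p} {m} {BASE}{e}" for t, h, p, m, e in _ROWS)

EVENT_URL = re.compile(r"^https://www\.googleapis\.com/calendar/v3/calendars/[^/]+/events/([^/?\s]+)")
EXPECTED_CLIENTS = {"chrome.exe", "outlook.exe"}  # assumption: site-specific allowlist

def find_calendar_beacons(log_text, min_polls=4, max_jitter=0.2):
    """Flag unexpected processes that poll one event at a steady rate and also write to it."""
    polls = defaultdict(list)  # (host, process, event id) -> GET timestamps
    writes = defaultdict(int)  # same key -> number of PUT/PATCH requests
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed lines
        ts, host, proc, method, url = parts
        m = EVENT_URL.match(url)
        if not m or proc.lower() in EXPECTED_CLIENTS:
            continue
        key = (host, proc, m.group(1))
        if method == "GET":
            polls[key].append(datetime.fromisoformat(ts))
        elif method in ("PUT", "PATCH"):
            writes[key] += 1
    findings = []
    for key, times in polls.items():
        if len(times) < max(min_polls, 2) or writes[key] == 0:
            continue  # too few polls to measure, or no write-back to the event
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        jitter = statistics.pstdev(gaps) / mean if mean else 1.0
        if jitter <= max_jitter:  # near-constant interval suggests automated polling
            findings.append({"host": key[0], "process": key[1], "event": key[2],
                             "interval_s": round(mean), "writes": writes[key]})
    return findings
```

Steady polling alone is noisy because legitimate sync clients also poll; requiring a write to the same event from a process outside the allowlist is what narrows the results.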
