Monday, November 6, 2023

Even Google Calendar isn't safe from hackers any more

Hackers have reportedly found a way to use Google Calendar as command-and-control (C2) infrastructure, which could create quite a few headaches in the cybersecurity community.

One of the bigger challenges for cybercriminals these days is getting the malware on an infected endpoint to execute the commands they want.

To do that, they need C2 infrastructure, usually compromised servers, but the problem is that it never takes long for security pros to discover the ruse and terminate the connection. But if the C2 infrastructure leveraged legitimate resources, such as Google Calendar for example, cybersecurity pros would have a much harder time detecting the attack and terminating the connection.

Reading commands via Calendar

Google has now warned the wider security community that a proof-of-concept (PoC) exploit for such a thing is circulating on the dark web. The PoC is dubbed “Google Calendar RAT” (GCR), and according to the person who built it, who goes by the alias MrSaighnal, the script will create a “covert channel” by exploiting the event descriptions in the calendar.

"The target will connect directly to Google."

When a device is infected with GCR, it will periodically poll the Calendar event description for new commands and run them on the device, Google explained. Then, it will update the event description with new command output. 
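Because this traffic goes to Google itself, the destination alone says little; the regular polling by a process that has no business using Calendar is what a defender can look for. The Python below is an added example, not code from the original article or from Google: it runs that check over constructed telemetry, and the record layout (which assumes an inspecting proxy or EDR that records process and URL path), the list of expected client processes and the thresholds are all assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

CAL_HOST, CAL_PATH = "www.googleapis.com", "/calendar/v3/"
# Assumption: the only processes expected to use Google Calendar on this fleet.
EXPECTED_CLIENTS = {"chrome.exe", "msedge.exe", "firefox.exe", "outlook.exe"}

def _rows(host, proc, method, stamps):
    """Build constructed records: (epoch_s, host, process, dest_host, path, method)."""
    path = CAL_PATH + "calendars/primary/events/EVENT_ID"  # placeholder event id
    return [(t, host, proc, CAL_HOST, path, method) for t in stamps]

# Constructed sample telemetry, not real traffic.
SAMPLE_LOG = (
    _rows("ws-22", "updater.exe", "GET", [1000, 1061, 1119, 1182, 1240, 1301])
    + _rows("ws-22", "updater.exe", "PATCH", [1130])  # event description rewritten
    + _rows("ws-17", "chrome.exe", "GET", [1005, 1400, 1410, 2900])  # expected client
    + _rows("ws-31", "sync.py", "GET", [1000, 1900])  # too few polls to judge
    + _rows("ws-40", "calsync.exe", "GET", [1000, 1030, 1900, 2000, 5000])  # irregular
)

def find_calendar_beacons(records, min_polls=5, max_jitter=0.2):
    """Flag unexpected processes that read the Calendar API at near-constant intervals."""
    reads, writes = defaultdict(list), defaultdict(int)
    for ts, host, proc, dest, path, method in records:
        if dest != CAL_HOST or not path.startswith(CAL_PATH):
            continue
        if proc.lower() in EXPECTED_CLIENTS:
            continue
        if method == "GET":
            reads[(host, proc)].append(ts)
        elif method in ("PUT", "PATCH"):
            writes[(host, proc)] += 1
    findings = []
    for (host, proc), stamps in sorted(reads.items()):
        if len(stamps) < min_polls:
            continue
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        jitter = pstdev(gaps) / avg if avg else 0.0  # coefficient of variation
        if jitter <= max_jitter:
            findings.append({"host": host, "process": proc, "polls": len(stamps),
                             "interval_s": round(avg), "jitter": round(jitter, 3),
                             "event_updates": writes[(host, proc)]})
    return findings

if __name__ == "__main__":
    for finding in find_calendar_beacons(SAMPLE_LOG):
        print(finding)
```

A poller that randomizes its interval would exceed the jitter threshold, so the unexpected-process condition is worth alerting on by itself at a lower severity.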

So far, no hackers have been observed abusing GCR in the wild, but with things like these, it’s only a matter of time.

Hackers are increasingly using legitimate cloud services to deliver malware. For example, Google Docs has a share feature that allows users to type in an email address in the document and Google will notify the recipient that they now have access to the file. 

Some threat actors were observed creating files with malicious links and distributing them to people’s email inboxes this way. As the emails came from Google, they bypassed email protection services.

Via TheHackerNews


from TechRadar - All the latest technology news https://ift.tt/3cjrz8u
