Google, in its Q3 Threat Horizons report, has warned the cybersecurity community and users alike of "threat actors potentially abusing Google Calendar," as per a Tech Radar report.

Hackers have reportedly been sharing "proof of concept code" on GitHub, called "Google Calendar RAT (GCR)," that allows hackers to set up a command and control (C2) infrastructure within Google Calendar.

The script's creator, going by the handle 'MrSaighnal,' claims that it will establish a "covert channel" by taking advantage of the calendar's event descriptions. 

This, in turn, allows hackers "to place commands in the event description field of Google Calendar events." According to Google, a device infected with GCR will routinely poll the Calendar event description for new commands and execute them on the device. The command output is then written back to the event description.

The report indicates that Mandiant has seen that some actors have shared the public "proof of concept" on unofficial forums such as the dark web, but it has yet to be used in the wild.

The newest hacking method was discovered by Google's Threat Analysis Group (TAG), which monitors and frequently disrupts major cyber threat actors and malware that abuses the services of reputable cloud providers. These services include cloud-based computing and storage as well as email and calendaring applications for office efficiency.

Cyberattack Increase in Legitimate Servers

Hackers who abuse legitimate services such as Google Calendar gain an advantage from using Google's resources, as cybersecurity experts find it far more difficult to identify the assault and break the attack.

Google's report clarified that such misuse and the new cyberattack affect all cloud providers and their services. According to the report, malware is increasingly being distributed by hackers using reputable cloud providers.

For instance, users may enter an email address in Google Docs' share function, and Google will tell the recipient that they now have access to the file. Threat actors have been seen generating files that include harmful URLs and sending them over email to victims. The emails got around email protection systems because they came from Google.

Threat actors exploiting Google products in their campaigns have also been observed by Google in the past. In March 2023, Google saw an attacker supported by the Iranian government use macro documents to infect people with BANANAMAIL, a tiny .NET backdoor for Windows that uses email as C2.

Using IMAP, the backdoor establishes a connection with a webmail account under the control of the attacker, parses emails for instructions, executes them, and replies with the outcome. The backdoor was using Gmail accounts under attacker control as its C2 channel but was caught by Google's TAG.

Google's Cyberattack Prevention Tips 

As per the report, Google recommends several mitigation techniques to the cybersecurity community for the newest attack, such as to "architect systems with a defense-in-depth approach," to reduce the cyberattack risk.

Google also recommends that defenders "use an Intrusion Detection System (IDS) and network monitoring tools" to detect the traffic generated by the attacks. Lastly, the report suggests implementing a "robust centralized logging" system so that logs can be regularly monitored for "anomalous behavior."
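
As an illustration of what monitoring for "anomalous behavior" can look like for this technique, the following added example (not code from Google's report or from the GCR project) flags non-browser processes that poll the Google Calendar API at near-constant intervals. It assumes a centralized log that records the process name and URL path per request; the log format, hostnames, process names, thresholds and sample lines are all constructed for the example.

```python
import statistics
from collections import defaultdict
from datetime import datetime

BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe"}  # assumed allowlist
API_HOST, API_PREFIX = "www.googleapis.com", "/calendar/"
MIN_HITS = 5      # assumed: need enough requests to judge regularity
MAX_JITTER = 0.2  # assumed: stdev/mean of intervals at or below this = polling

# Constructed sample lines (not real telemetry): timestamp host process dest_host path
SAMPLE_LOG = """\
2023-11-06T09:00:00 ws-014 chrome.exe calendar.google.com /calendar/u/0/r
2023-11-06T09:00:05 ws-022 updater.exe www.googleapis.com /calendar/v3/calendars/primary/events
2023-11-06T09:01:04 ws-022 updater.exe www.googleapis.com /calendar/v3/calendars/primary/events
2023-11-06T09:02:06 ws-022 updater.exe www.googleapis.com /calendar/v3/calendars/primary/events
2023-11-06T09:02:30 ws-031 sync.exe www.googleapis.com /calendar/v3/users/me/calendarList
2023-11-06T09:03:05 ws-022 updater.exe www.googleapis.com /calendar/v3/calendars/primary/events
2023-11-06T09:04:05 ws-022 updater.exe www.googleapis.com /calendar/v3/calendars/primary/events
2023-11-06T09:05:04 ws-022 updater.exe www.googleapis.com /calendar/v3/calendars/primary/events
2023-11-06T09:20:10 ws-031 sync.exe www.googleapis.com /calendar/v3/users/me/calendarList
2023-11-06T11:45:00 ws-031 sync.exe www.googleapis.com /calendar/v3/users/me/calendarList
2023-11-06T11:46:30 ws-031 sync.exe www.googleapis.com /calendar/v3/users/me/calendarList
"""

def find_calendar_pollers(log_text):
    """Return [(host, process, hits, mean_interval_s)] for non-browser
    processes that hit the Calendar API at near-constant intervals."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed lines
        ts, host, proc, dest, path = parts
        if dest == API_HOST and path.startswith(API_PREFIX) and proc.lower() not in BROWSERS:
            seen[(host, proc)].append(datetime.fromisoformat(ts))
    findings = []
    for (host, proc), times in sorted(seen.items()):
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        if len(times) < MIN_HITS or statistics.mean(gaps) == 0:
            continue  # too few requests, or all at the same instant
        if statistics.pstdev(gaps) / statistics.mean(gaps) <= MAX_JITTER:
            findings.append((host, proc, len(times), round(statistics.mean(gaps))))
    return findings

if __name__ == "__main__":
    for f in find_calendar_pollers(SAMPLE_LOG):
        print("regular Calendar API polling:", f)
```

A hit is a lead for investigation rather than a verdict, since legitimate sync clients also poll the Calendar API; tune the allowlist and thresholds against a baseline of known software.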

Written by Aldohn Domingo

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.