Google is facing a new cyber threat that exploits its calendar service, and is warning users of a public proof-of-concept (PoC) exploit known as Google Calendar RAT (GCR). This tool uses Google Calendar events as command-and-control (C2) infrastructure, giving hackers the ability to communicate with compromised devices. Jake Moore, Global Security Advisor at ESET, helps us understand what happened and how Google mitigated the risk.
Google Calendar exploited by hackers, ESET explains how
The creator of the exploit, known by the pseudonym Mr Saighnal, made the tool available on GitHub in June 2023. The exploit takes advantage of a “Covert Channel”, a sort of secret channel, using the descriptions of events in Google Calendar to establish a direct connection to Google. Once a computer is compromised, GCR periodically checks the event description for new commands, executes them on the target device, and then updates the event description with the command output.
According to Google, the fact that the tool relies on legitimate infrastructure makes detecting suspicious activity more difficult for defenders. The company said it has disabled the problem, but the incident highlights the growing trend of threat actors using cloud services to silently infiltrate our devices.
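The polling pattern described above (regular reads of one calendar event, followed by writes back to it) can still be hunted in proxy or EDR telemetry even though the destination is legitimate. The following is an added example, not code from the article, ESET or Google; the log layout, host and process names, IDs, browser allowlist and thresholds are all assumptions.

```python
import re
import statistics
from collections import defaultdict

# Constructed sample proxy/EDR records: (epoch_seconds, host, process, method, url).
# Layout, host names, process names and the CAL_ID/EVT_ID placeholders are assumptions.
SAMPLE = [
    (t, "ws-014", "updater.exe", m,
     "https://www.googleapis.com/calendar/v3/calendars/CAL_ID/events/EVT_ID")
    for t, m in [(0, "GET"), (10, "GET"), (20, "GET"), (21, "PATCH"),
                 (30, "GET"), (40, "GET"), (41, "PATCH"), (50, "GET")]
] + [
    (t, "ws-022", "chrome.exe", "GET",
     "https://www.googleapis.com/calendar/v3/calendars/CAL_ID/events/OTHER")
    for t in (5, 9, 95, 400, 410, 900)
]

EVENT_URL = re.compile(
    r"^https://www\.googleapis\.com/calendar/v3/calendars/[^/]+/events/([^/?]+)")
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe"}  # assumed allowlist
WRITE_METHODS = {"PUT", "PATCH"}


def find_calendar_polling(records, min_reads=5, max_jitter=0.25):
    """Flag (host, process, event) triples where a non-browser process reads
    one calendar event at a steady interval and also writes it back."""
    groups = defaultdict(list)
    for ts, host, proc, method, url in records:
        match = EVENT_URL.match(url)
        if match and proc.lower() not in BROWSERS:
            groups[(host, proc, match.group(1))].append((ts, method))

    findings = []
    for key, hits in groups.items():
        reads = sorted(ts for ts, m in hits if m == "GET")
        writes = [ts for ts, m in hits if m in WRITE_METHODS]
        if len(reads) < min_reads or not writes:
            continue
        gaps = [b - a for a, b in zip(reads, reads[1:])]
        mean = statistics.mean(gaps)
        # Coefficient of variation: a low value means timer-driven polling.
        jitter = statistics.pstdev(gaps) / mean if mean else 0.0
        if jitter <= max_jitter:
            findings.append({"host": key[0], "process": key[1], "event": key[2],
                             "interval_s": round(mean, 1), "writes": len(writes)})
    return findings
```

Legitimate sync clients also poll the Calendar API, so a hit is a lead to triage against the process's signer and parent, not a verdict.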
Jake Moore, Global Security Advisor at ESET, commented on the incident, underlining the intrusive nature of the threat: “Google Calendar connects to a number of third-party applications, making this threat even more intrusive. Targeting Google’s platforms can have multiple implications, as many other services rely on and interact with these applications.”
Moore continues: “Fortunately, Google has disabled the issue, but it’s a good reminder to keep under control which services are connected and how to connect applications and logins only with reliable and updated services.”
More information on the ESET website.