Google warned Google Calendar users that the application is now not safe from hacking as a new way to remotely control user devices.
The Google Calendar RAT (GCR), first uploaded in GitHub in June, is currently being shared in underground forums as a public proof-of-concept (PoC) exploit that uses the calendar to host command-and-control (C2) infrastructure.
GCR developer and researcher Valerio Alessandroni, also known as MrSaighnal, said the program's script uses exploits to leave commands in the event description of the Google Calendar.
"The target will connect directly to Google," Alessandroni said.
How Does the Google Calendar Exploit Works?
C2 infrastructure hackings have became a common mean for cybercriminals today to infect targeted endpoints. However, digital security professionals usually detect anomalies fast and protect individual C2 infrastructures from future cyberattacks.
The Google Calendar exploit enables hackers to bypass this difficulty by leveraging legitimate resources like Google to avoid detection for a longer period of time.
Google has revealed security vulnerabilities exploitable through the Google Calendar
Google assured that the exploit has not yet been reported to have been used in wild, but warns possibility that the program can be used by threat actors that abuse cloud-based storages to deliver malware and upload exfiltrated data to unknowing users.
A similar incident has already happened before in 2021 where Cisco reported threat actors using Microsoft Azure and Amazon Web Service "to deploy and deliver variants of malware with information stealing capabilities."
In March, Iranian government-backed hackers have also used macro docs to infect users with a small .NET backdoor, BANANAMAIL, for Windows through Internet Message Access Protocol (IMAP) emails.
Related Articles: 35 Android Apps with Malware Have Been Spotted in the Google Play Store
Possible Solutions for the Google Calendar Hacking
In its eight Threat Horizons report, Google has promised to improve its architect systems with a more "defense-in-depth approach" to combat more possible vulnerabilities in the future.
The tech giant also plans to enhance its centralized logging and regularly monitor its cloud services programs of any anomalies.
For now, the company advices its users to be careful in accessing their Google accounts for possible online attacks while a system implements better defenses.
Related Articles: Google Will Notify You When Your Private Info is on the Web
