Google has issued a warning about its Google Calendar platform. The tech giant says hackers might secretly abuse this system to send commands to a piece of malware implanted on a computer.
This threat deals with a “command and control” infrastructure created by hackers to communicate with malware after infecting an IT system.
According to Google, hackers will exploit this calendar platform by sending commands to the malware using a “C2” server. In some cases, the hackers will hide their C2 activity using legitimate services to host commands for the malware.
Hackers Deploy Malware Using Google Calendar
Previously, hackers hosted C2 commands using budget or free cloud services like Dropbox, Amazon Web Services, Google Drive, and Gmail. This action prevents antivirus programs and cybersecurity professionals from uncovering the activities of a hacker because the C2 commands delivered to the malware will seem legitimate.
Google now warns that a similar exploit could be done on its calendar services. The corporation issued a summary referring to a proof-of-concept study by a cybersecurity researcher leveraging Google Calendar as a C2 server.
The PoC is known as Google Calendar RAT (GCR), and it works by placing the C2 commands in an event mimicking a Google Calendar entry. The hacker’s malware will later connect to the Google login to fetch and execute commands on the infected device.
The Google summary noted that, according to the developer, GCR would communicate exclusively using legitimate infrastructure operated by Google. The process also made detecting suspicious activity challenging for defenders.
No Attack Detected
The firm has not to date detected hackers using Google Calendar to host C2 commands and distribute malware. However, Google reports that several threat actors have shared the public proof-of-concept research on dark web forums. This shows these hackers’ increased interest in abusing cloud services and potentially causing an attack.
The summary published by Google on this attack also mentions some ways that users can mitigate these attacks and avoid any potential threat. However, no simple fix can guarantee threat actors will not access computer systems using this attack.
Google has urged companies to monitor their networks properly to detect unusual activity. Users should generate “baselines for network traffic” and ensure cybersecurity professionals can detect and handle any suspicious activity on time.
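As an added illustration of the “baselines for network traffic” advice (this is not code from Google or from the researcher's PoC), the sketch below learns which host and process pairs normally contact Google Calendar and flags new pairs or sudden volume spikes. The log record layout, the process names (`calsync.exe`, `updater.exe`), the spike factor and the sample records are all constructed assumptions; it also assumes proxy or EDR logs expose the requesting process and the destination.

```python
from collections import Counter, defaultdict

# Assumption: destination prefixes that identify Google Calendar traffic in the logs.
CALENDAR_DESTS = ("calendar.google.com", "www.googleapis.com/calendar/")
API = "www.googleapis.com/calendar/v3/calendars/primary/events"
WEB = "calendar.google.com/calendar/u/0/r"

# Constructed sample records: (day, host, process, destination)
BASELINE_LOG = [
    (1, "ws-01", "chrome.exe", WEB),
    (1, "ws-01", "chrome.exe", WEB),
    (2, "ws-01", "chrome.exe", WEB),
    (1, "ws-02", "calsync.exe", API),   # hypothetical approved sync client
    (2, "ws-02", "calsync.exe", API),
    (2, "ws-02", "chrome.exe", "www.example.com/"),  # not Calendar, ignored
]
TODAY_LOG = [
    (3, "ws-01", "chrome.exe", WEB),
    (3, "ws-02", "updater.exe", API),   # process never seen using Calendar
] + [(3, "ws-02", "calsync.exe", API)] * 9  # volume spike from a known process


def is_calendar(dest):
    return dest.startswith(CALENDAR_DESTS)


def build_baseline(records):
    """Return {(host, process): highest daily Calendar request count seen}."""
    daily = Counter((d, h, p) for d, h, p, dest in records if is_calendar(dest))
    peak = defaultdict(int)
    for (_, host, proc), n in daily.items():
        peak[(host, proc)] = max(peak[(host, proc)], n)
    return dict(peak)


def find_anomalies(baseline, day_records, factor=3):
    """Flag pairs absent from the baseline or far above their baseline peak."""
    today = Counter((h, p) for _, h, p, dest in day_records if is_calendar(dest))
    alerts = []
    for pair, n in sorted(today.items()):
        if pair not in baseline:
            alerts.append((pair, "new process talking to Google Calendar"))
        elif n > factor * baseline[pair]:
            alerts.append((pair, f"{n} requests vs baseline peak {baseline[pair]}"))
    return alerts


if __name__ == "__main__":
    for pair, reason in find_anomalies(build_baseline(BASELINE_LOG), TODAY_LOG):
        print(pair, reason)
```

Because traffic to Google Calendar is legitimate on most networks, the useful signal is who is talking to it and how often, not the destination itself.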