News
Even Google Calendar is not spared from hackers
Google has warned that there is an exploit that takes advantage of Calendar and that can be a potential attraction for hackers.
- November 7, 2023
- Updated: July 2, 2025 at 12:44 AM
As reported by Google itself (via TheHackerNews), it appears that Google Calendar has now become a service of potential interest to hackers, although it doesn’t seem like they are making much use of it at the moment. To be more specific, those at Mountain View have recently shared a warning about the existence of various threat actors who are sharing a proof of concept (PoC) of a public exploit that takes advantage of the mentioned Calendar to host a command and control (C2) infrastructure.
The tool we mentioned, which appears to be circulating on the deep web, is called “Google Calendar RAT” (GCR). It uses events to establish a C2 communication through a Gmail account. According to the person responsible for this threat, who goes by the name MrSaighnal, this script can create a “covert channel” by exploiting event descriptions in Google Calendar. This allows the attacker to establish a direct connection through Google, as stated by the threat actor. Therefore, with this tool, it is very challenging for security teams to detect the threat.
Google Calendar can become an important tool for hackers
This GCR works by having the compromised machine periodically check the event descriptions in Google Calendar for new commands. When these commands are identified, they are executed on the respective device, as reported by Google itself. Additionally, it is mentioned that once the command is executed, the event description is updated with the output of the said command.
As mentioned earlier, it appears that this GCR has not been used as of today, at least according to Google’s information. However, with this circulating on the internet, it seems to be only a matter of time before someone attempts to exploit it. In fact, Mandiant’s threat intelligence unit has already detected that this tool has been shared through underground forums.
Google Calendar joins other legitimate services as a way for hackers to distribute malware, similar to the case of Google Docs. Google Docs has a sharing function that allows users to enter an email address in the document, notifying the recipient that they have access to the file. In fact, it has been observed that malicious links were embedded in files and distributed through users’ email inboxes. Since these emails came from Google, many users bypassed email protection services.
Avid follower of the video game and technology industry, he has worked with media such as Alfa Beta Juega, Urban Tecno, or Nintenderos. Additionally, he runs a small blog focused on video games, HelGames.
Latest from Fran Pérez
- OpenAI presents ChatGPT Edu, bringing AI to students, teachers, and more
- Threads updates its desktop interface and now you can make it look like TweetDeck
- If you haven’t tried the Windows 11 24H2 update in its preview version yet, this is how you can install it
- Microsoft solves several issues on the Surface Pro 9 5G through a new update
You may also like
NewsProSpy and ToSpy: the latest spyware threats disguised as messaging applications
Read more
NewsPersonalized ads are coming to Facebook and Instagram thanks to conversations with AI
Read more
NewsThese are the new releases coming to Crunchyroll this fall
Read more
NewsElon Musk asks followers to cancel their Netflix subscriptions
Read more
NewsThe Russos share an image that could provide clues about the upcoming Avengers movie
Read more
NewsThe queer dating reality show on Netflix has come to an end and will not have a third season
Read more