Google has issued a warning about its Google Calendar service. The company says attackers could quietly abuse the service to send commands to malware already implanted on a computer.
The threat concerns the “command and control” infrastructure attackers set up to communicate with malware after infecting an IT system.
According to Google, attackers could exploit the calendar service as a “C2” server through which they send commands to the malware. In some cases, attackers hide their C2 activity by using legitimate services to host the commands the malware retrieves.
Hackers Deploy Malware Using Google Calendar
Previously, attackers have hosted C2 commands on cheap or free cloud services such as Dropbox, Amazon Web Services, Google Drive, and Gmail. This makes it harder for antivirus programs and security teams to uncover the activity, because the traffic carrying C2 commands to the malware blends in with legitimate use of those services.
Google now warns that the same technique could be applied to its Calendar service. The company issued a report citing a proof-of-concept study by a security researcher that leverages Google Calendar as a C2 server.
The PoC is known as Google Calendar RAT (GCR), and it works by placing the C2 commands inside a Google Calendar event. The malware then connects to the Google account to fetch the commands and executes them on the infected device.
According to Google’s report, the tool’s developer states that GCR communicates exclusively over legitimate infrastructure operated by Google, which makes the activity difficult for defenders to detect.
No Attack Detected
The company has not observed attackers using Google Calendar to host C2 commands in the wild. However, Google reports that several threat actors have shared the public proof-of-concept research on dark web forums, which shows a growing interest among attackers in abusing cloud services and the potential for such an attack to occur.
Google’s report on this technique also outlines ways that users can mitigate these attacks and reduce the potential threat. However, no simple solution can guarantee that threat actors will not gain access to computer systems using this technique.
Google has urged companies to monitor their networks properly so they can detect unusual activity. Users should establish “baselines for network traffic” and ensure security teams can detect and respond to any suspicious activity promptly.
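The baseline-and-detect approach Google recommends can be applied directly to this technique: an implant that fetches commands from a calendar tends to poll the Calendar endpoints on a fixed schedule, which stands out against how people actually use the service. The following is an added illustration, not code from Google’s report or from the GCR project, and it assumes a constructed proxy-log format of the form “timestamp host destination path”.

```python
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed proxy log excerpt (not real traffic): "<ISO time> <host> <destination> <path>".
SAMPLE_LOG = """\
2023-11-06T09:00:00 ws-17 www.googleapis.com /calendar/v3/calendars/primary/events
2023-11-06T09:00:30 ws-17 www.googleapis.com /calendar/v3/calendars/primary/events
2023-11-06T09:01:00 ws-17 www.googleapis.com /calendar/v3/calendars/primary/events
2023-11-06T09:01:30 ws-17 www.googleapis.com /calendar/v3/calendars/primary/events
2023-11-06T09:02:00 ws-17 www.googleapis.com /calendar/v3/calendars/primary/events
2023-11-06T09:02:30 ws-17 www.googleapis.com /calendar/v3/calendars/primary/events
2023-11-06T09:00:12 ws-02 calendar.google.com /calendar/u/0/r
2023-11-06T09:04:41 ws-09 calendar.google.com /calendar/u/0/r
2023-11-06T09:17:03 ws-09 www.googleapis.com /calendar/v3/calendars/primary/events
2023-11-06T09:09:55 ws-23 calendar.google.com /calendar/u/0/r
"""

CALENDAR_HOSTS = {"www.googleapis.com", "calendar.google.com"}
MIN_HITS = 6        # fewer requests than this cannot establish a rhythm
MAX_CV = 0.15       # interval coefficient of variation below this looks machine-driven
BURST_FACTOR = 3.0  # request count above this multiple of the fleet median is anomalous


def parse_log(text):
    """Return {host: [timestamps]} for requests that reach Google Calendar endpoints."""
    hits = defaultdict(list)
    for line in text.strip().splitlines():
        ts, host, dest, path = line.split()
        if dest in CALENDAR_HOSTS and "/calendar/" in path:
            hits[host].append(datetime.fromisoformat(ts))
    return hits


def beacon_score(timestamps):
    """Coefficient of variation of inter-request gaps; 0.0 means perfectly regular polling."""
    gaps = [(b - a).total_seconds() for a, b in zip(timestamps, timestamps[1:])]
    mean = statistics.mean(gaps)
    return statistics.pstdev(gaps) / mean if mean > 0 else float("inf")


def find_suspicious_hosts(hits):
    """Flag hosts whose Calendar polling is both metronomic and far above the fleet baseline."""
    if not hits:
        return []
    counts = {host: len(stamps) for host, stamps in hits.items()}
    baseline = statistics.median(counts.values())  # what "normal" volume looks like today
    flagged = []
    for host, stamps in hits.items():
        stamps.sort()
        if (len(stamps) >= MIN_HITS and counts[host] > BURST_FACTOR * baseline
                and beacon_score(stamps) < MAX_CV):
            flagged.append(host)
    return sorted(flagged)
```

In the sample data only ws-17 is flagged: it hits the Calendar API every 30 seconds, while the other hosts show the irregular, low-volume pattern of a person opening their calendar.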