Getting an email with a calendar link for a meeting has become commonplace, but you may want to think twice before clicking on one. That's because hackers have begun using calendar invites and meeting links to infect unsuspecting users with Mac malware.
As reported by Krebs On Security, cybercriminals are now abusing the popular scheduling tool Calendly in their scams. Like with other malware campaigns, this one uses social engineering to find potential targets but instead of draining their bank accounts, it goes after cryptocurrency.
Still, the hackers behind this campaign could pivot to go after other types of accounts by using a different Mac malware strain. Here’s everything you need to know about how this scam works as well as how to protect yourself and your Apple devices from Mac malware.
From meeting invite to malware infection
Krebs On Security got a first-hand look into this scam after one of the site’s readers explained how they were targeted and fell for it.
In this campaign, the hackers behind it are impersonating cryptocurrency investors who are asking to schedule a video call. However, this lure could easily be adapted to go after other groups of potential victims.
The attack itself began when the reader was approached via Telegram by a scammer that wanted to invest in their startup. Everything seemed above board though and they then shared their Calendly profile with the scammer.
When it was time for the meeting, the reader clicked on the meeting link and nothing happened. They then contacted the scammer who explained that there was an issue with the video platform. Fortunately though, their IT people had created a different meeting link.
While this is certainly the kind of thing that should raise suspicions, the reader didn’t think twice and clicked on the link. However, instead of opening a videoconferencing app, a message appeared on their Mac saying the video service was experiencing technical difficulties. The message also referenced a script that could be run as a temporary solution to fix these issues.
By running the script, the reader unknowingly infected their Mac with a dangerous trojan designed to siphon off personal and financial data from their device. Unfortunately, once they realized what they had done they changed their passwords and reinstalled macOS, so we don’t know which Mac malware strain was used in this attack.
How to stay safe from Mac malware
Just like with the best Windows laptops, you need to be extra careful when dealing with links and messages from unknown senders on your MacBook. Anyone can reach out to you through email and hackers have all kinds of tricks in their arsenal to ensure that their phishing emails go undetected.
As a rule of thumb, you should always hover your mouse over links to see where they go before clicking on them. Likewise, you can copy a link and paste it into a text editor to inspect it further. Doing so is a great idea as it might be a misspelled version of a popular site that takes you to a phishing page instead. At the same time, you want to look out for shortened links as unlike with regular ones, there’s no way to tell at first glance where they go. For this, you need to use a URL expander service and many free ones are available online.
In the scenario described above though, you should never run a script on your Mac that was sent to you by someone you don’t know personally. Even then, for most people, it’s probably a better idea to avoid installing scripts on your Mac altogether.
While your Mac does come with built-in malware protection in the form of Apple’s own XProtect, it may also be a good idea to consider installing one of the best Mac antivirus software solutions to run alongside it. Plus, many Mac antivirus products come with extra security tools like a password manager or even a VPN.
The days when using a Mac meant you were safer from malware are officially over. However, by improving your cyber hygiene and thinking before you click, you can avoid falling victim to a nasty malware infection.
More from Tom's Guide
