Share

• Copy link
• Facebook
• X
• Reddit
• Email

Share this article

Join the conversation

Follow us

Add us as a preferred source on Google

Newsletter

Get the Tom's Guide Newsletter

Here at Tom’s Guide our expert editors are committed to bringing you the best news, reviews and guides to help you stay informed and ahead of the curve!

Become a Member in Seconds

Unlock instant access to exclusive member features.

Contact me with news and offers from other Future brands Receive email from us on behalf of our trusted partners or sponsors

---

By submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over.

You are now subscribed

Your newsletter sign-up was successful

---

Want to add more newsletters?

Daily (Mon-Sun)

Tom's Guide Daily

Sign up to get the latest updates on all of your favorite content! From cutting-edge tech news and the hottest streaming buzz to unbeatable deals on the best products and in-depth reviews, we’ve got you covered.

Signup +

Weekly on Thursday

Tom's AI Guide

Be AI savvy with your weekly newsletter summing up all the biggest AI news you need to know. Plus, analysis from our AI editor and tips on how to use the latest AI tools!

Signup +

Weekly on Friday

Tom's iGuide

Unlock the vast world of Apple news straight to your inbox. With coverage on everything from exciting product launches to essential software updates, this is your go-to source for the latest updates on all the best Apple content.

Signup +

Weekly on Monday

Tom's Streaming Guide

Our weekly newsletter is expertly crafted to immerse you in the world of streaming. Stay updated on the latest releases and our top recommendations across your favorite streaming platforms.

Signup +

---

Join the club

Get full access to premium articles, exclusive features and a growing list of member rewards.

Explore

---

An account already exists for this email address, please log in.

Subscribe to our newsletter

Hackers are always coming up with new ways to avoid being detected and now, they’ve figured out a way to leverage Google Calendar in their attacks.

As reported by The Hacker News, Google has warned that multiple cybercriminals have shared a proof-of-concept (PoC) exploit that lets them use its calendar service to host their command-and-control (C2) infrastructure.

For those unfamiliar, C2 (also known as C&C) generally refers to a hacker-controlled server that is used by cybercriminals to send commands to and receive data from computers that have been compromised by malware. In this case though, this new PoC exploit lets hackers use Google Calendar as their C2 infrastructure just like they’ve done with Discord, Telegram and other legitimate services in the past.

Fortunately, Google has yet to observe this exploit being used in the wild but it has been shared recently on several hacking forums, which means we could see attacks leveraging it or similar tactics in the future.

Google Calendar RAT

The tool itself is called Google Calendar RAT (GCR) and it requires a Gmail account to use Google Calendar events.

In a post on GitHub, researcher Valeria Alessandromi (also known as MrSaighnal online) who created the tool, explained that it creates a ‘Covert Channel’ that hackers can use in their attacks by exploiting event descriptions in Google Calendar. 

In order to use GCR for C2 purposes, an attacker would need to set up a Google service account and then obtain that account’s credentials.json file, which needs to be placed in the same directory as a malicious script  From here, they would then have to create a new Google Calendar event and share it with the service account and edit the malicious script to point to the calendar address. Once this is done though, an attacker could execute commands using the event description field in Google Calendar.

What makes GCR so concerning is that a remote access trojan like this one running on legitimate cloud infrastructure will be much harder for companies and security researchers to detect. Email security checks and even the best antivirus software might miss links to these calendar events, which could then be delivered to potential victims without being flagged as malicious. 

Hackers use a number of different tricks to avoid being detected but with GCR and similar exploits, they don’t need to worry about being found out.

How to stay safe from novel attack methods

New attack methods are released every day and while hackers often use them to go after larger targets like businesses, they could also be used against regular people. For this reason, you should always be extra careful when dealing with links and documents from people you don’t know online.

For instance, if someone you don’t know shares a file with you through Gmail or Google Drive, you shouldn’t rush to open it. Instead, you want to think carefully about the file itself and why this particular person may be sharing it with you. Antivirus software can help you deal with malicious documents while the best identity theft protection services can help you recover funds lost to fraud as well as your identity should it be stolen.

Apart from these tips, educating yourself about the latest tactics used by hackers and cybercriminals can help you stay safe online. Besides stories like this one, it may also be a good idea to dive into the blog posts and reports put out by cybersecurity firms like Bitdefender, Malwarebytes, Trend Micro and other big players in the field. Fortunately, they all have their own blogs which are regularly updated with new research.

Google Calendar and other Google services are as useful for ordinary people as they could potentially be for hackers in their attacks. This is why we’ll likely continue to see stories about cybercriminals coming up with new ways to abuse them for their own gain. 

More from Tom's Guide

• New Android malware dropper sneaks past Google — protect yourself now
• NSFW Facebook ads being used to spread dangerous malware
• This little device can render your iPhone unusable — how to stay safe