Hackers have reportedly found a way to use the Google Calendar as command & control (C2) infrastructure which could create quite a few headaches in the cybersecurity community.

  • jimbolauski@lemmy.world
    link
    fedilink
    English
    arrow-up
    8
    arrow-down
    1
    ·
    1 year ago

    They are encoding commands in calendar events there is not a vulnerability in Google calendar. After your device is compromised its commanded to subscribe to a calendar. Those events have commands. Since checking your calendar is a normal event unlike connecting to a nefarious server it becomes more difficult to discover.

    • TherouxSonfeir@lemm.ee
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      Is it? Everything is in their cloud. You’d think since they have all the data they might check it for malicious activity. I guess that’s not much of a priority for them because it’s hard to tell what’s malicious and what’s “Google”