Google Calendar Exploited by Hackers as Covert C2 Channel
Originally Published 2 years ago — by Security Affairs
Google warns of threat actors using a public proof-of-concept exploit called Google Calendar RAT, which utilizes the Calendar service as a command-and-control (C2) infrastructure. The exploit creates a covert channel by exploiting event descriptions in Google Calendar, making it difficult for defenders to detect malicious activity. While Google has not observed the use of Google Calendar RAT in the wild, Mandiant has seen multiple actors sharing the exploit on underground forums. This follows previous instances of threat actors abusing Google services for their operations.