
How crypto imposters are using Calendly to infect Macs with malware


A new hacking threat is targeting cryptocurrency users via Calendly, a popular meeting scheduling app. This is a serious issue that can compromise your security and privacy, so you should know how it works and how to protect yourself.


Calendly app (Calendly) (Kurt “CyberGuy” Knutson)

Hackers pose as crypto investors through Calendly

The mechanics of this particular threat are fairly simple, but sneaky. First, many people in the cryptocurrency industry are looking for investment to support cryptocurrency startup ideas and related things.

These people need to be active in the cryptocurrency community and investment space and connect with the right people who can support them. It’s not uncommon for them to have a link on their profile for scheduling a meeting via Calendly, a popular scheduling app used by everyone, not just those in crypto.


How hackers break into target devices

These things can go unnoticed by the soon-to-be victim. Hackers take advantage of these individuals by posing as crypto investors, exactly the kind of people they want to get in touch with. When the fake investor books a meeting on the person’s calendar, they add a meeting link that runs a script that installs malware on macOS systems.

Examples of how crypto spoofers lure victims

In one such case, this happened to one unlucky person. The hacker contacted him via Telegram, an encrypted messaging app, and asked about booking a meeting. The person sent the “investor” his Calendly link and, on the day of the meeting, opened the meeting link the “investor” had added. In most cases this is normal: links to Zoom and Google Meet are not uncommon. And since the person was already talking to the “investor” on Telegram and it seemed legitimate, there seemed no need to think twice about it.

A sinister plan is revealed when the link fails

Only when the person tried to click on the link, and the “investor” did not appear, did he contact the “investor” in the same Telegram thread. The “investor” apologized for the inconvenience, explained it was an IT issue, and sent a new link.

However, the new link still did not work, and the “investor” asked to reschedule, so the meeting did not take place. Only a little later did the person realize that this may have been a hacking attack via an AppleScript (file extension “.scpt”) that downloaded and executed a malicious Trojan horse made to run on macOS systems.


Hacker Google Meet request (SlowMist) (Kurt “CyberGuy” Knutson)


How acting quickly stopped a Mac malware attack

The target of this attack backed up their data as soon as they became aware of the attack, thus preventing the loss of any evidence regarding the actual malware downloaded to macOS. Cybersecurity companies were able to analyze the script information, which identified similarities to previous attacks carried out by the same group and alerted the public.


Security warning (SlowMist) (Kurt “CyberGuy” Knutson)


The culprit is a North Korean hacker group.

A cybersecurity firm discovered a phishing attack carried out by North Korean state-sponsored hackers in 2023, specifically a subgroup of the notorious Lazarus Group. This group is typically motivated by financial gain and aims to steal money and cryptocurrencies to fund the North Korean military regime.

In this particular attack, North Korean hackers exploited the “Add Custom Link” feature within the Calendly meeting scheduling system on event pages to inject malicious links and launch phishing attacks. They employ similar tactics on Telegram.

This incident highlights the importance of vigilance and robust security measures to prevent cyber threats, especially those posed by state-sponsored attackers.


Addition of custom link function (SlowMist) (Kurt “CyberGuy” Knutson)

Calendly’s response to malware attacks

When we reached out to Calendly, Frank Russo, the company’s chief information security officer, provided us with this statement.

“We are aware of this type of social engineering attack by cryptocurrency hackers, which violates our terms of service; if discovered or reported, the account will be immediately terminated. To prevent these types of attacks, our security team and partners have implemented services that automatically detect fraud and impersonation that can lead to social engineering. We also actively scan all customer content to catch these types of malicious links and stop hackers early. Additionally, we plan to add an interstitial page that will alert users before they are redirected from Calendly to other websites.”

How to protect yourself from cyber threats

MacOS users tend to experience fewer malware attacks than PC users. However, this idea could leave MacOS users more vulnerable to attacks because they may simply feel safer. Hackers are becoming more and more sophisticated, so it’s important to never let your guard down and follow these precautions.

Be careful with links: If you receive a Calendly link from a sender you don’t recognize, don’t click on the embedded link, even if you think the sender is trustworthy. Additionally, be careful when dealing with phishing emails and messages related to cryptocurrency exchanges and wallets, as they may contain malicious attachments or links to malware. When using Calendly, be aware of the sources and domains of links found on the interface. Hover over the text to check the link address before clicking to avoid visiting potentially harmful phishing links.

Send the meeting link yourself. Whenever possible, send the meeting link directly to the person scheduling the call. This minimizes the risk of accidentally clicking on a malicious link.

Use good antivirus software: The best way to protect yourself from clicking on malicious links that install malware that can access your personal information is to have antivirus protection installed on all your devices. This can also alert you to phishing emails and ransomware scams. Get my picks for the best antivirus protection products of 2024 for your Mac, Windows, Android, and iOS devices.

Perform regular updates: Regularly update your operating system and security software to stay ahead of potential vulnerabilities.

Set a strong password and use two-factor authentication: Using the same password on multiple platforms always increases your vulnerability, because if one account is hacked, all your accounts will be hacked. Two-factor authentication is an additional shield to prevent hackers from breaking into your account. Be sure to use a password manager to keep track of all your passwords.
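The advice above to check a link’s address before clicking can be applied mechanically to the text of a meeting invite. This is an added example, not part of the original article: it flags links whose real host is not a known meeting service or that point at a script file such as the “.scpt” mentioned earlier. The trusted-host list, the extra extensions and the sample invite are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: the meeting services your team actually uses.
TRUSTED_MEETING_HOSTS = {"zoom.us", "meet.google.com", "teams.microsoft.com"}
# ".scpt" is the type named in the article; the others are assumed additions.
RISKY_EXTENSIONS = (".scpt", ".command", ".pkg", ".dmg")

URL_RE = re.compile(r"https?://[^\s<>'\"]+", re.IGNORECASE)


def host_is_trusted(host):
    """True only for an exact trusted host or a real subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == t or host.endswith("." + t) for t in TRUSTED_MEETING_HOSTS)


def review_link(url):
    """Return the reasons a link deserves a second look (empty list = none found)."""
    parts = urlsplit(url)
    reasons = []
    if parts.scheme.lower() != "https":
        reasons.append("not https")
    if parts.username is not None:
        # Text before '@' is login info, not the site being visited.
        reasons.append("userinfo before '@' hides the real host")
    if not host_is_trusted(parts.hostname):
        reasons.append(f"host {parts.hostname!r} is not a known meeting service")
    if parts.path.lower().endswith(RISKY_EXTENSIONS):
        reasons.append("path points at a script or installer file")
    return reasons


def review_invite(text):
    """Map every URL found in the invite text to its list of findings."""
    return {url: review_link(url) for url in URL_RE.findall(text)}


# Constructed sample invite; every domain below is a placeholder.
SAMPLE_INVITE = """\
Location: https://meet.google.com/abc-defg-hij
Backup room: https://meet.google.com.meeting-support.example/join
IT fix: https://zoom.us@files.example/ZoomFix.scpt
"""

if __name__ == "__main__":
    for url, reasons in review_invite(SAMPLE_INVITE).items():
        print("FLAG" if reasons else "OK  ", url, "; ".join(reasons))
```

An empty result only means none of these checks fired; it does not prove the link is safe.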


Person typing on laptop (Kurt “CyberGuy” Knutson)


Kurt’s key takeaways

As long as they have money and information to steal online, hackers will stop at nothing to trick innocent people into downloading malware onto their devices. Therefore, stay informed about the latest threats to ensure you can do everything to protect yourself.

Have you encountered suspicious meeting requests via Calendly or other scheduling apps? Do you think app companies should do more to verify the authenticity of such links? Email us at Cyberguy.com/Contact.


Copyright 2024 CyberGuy.com. All rights reserved.
