Hackers use complex social engineering campaigns and calendar invites to distribute Mac malware.
Hackers are abusing the calendar scheduling tool Calendly to send meeting invitations as part of an attempt to trick Mac users into installing malware.
The story behind this campaign is far more elaborate than the usual email spam you might be used to, so here's how they did it and how to stay safe if you're targeted.
Shady investments
Reported by Krebs on Security after a reader wrote in, the campaign saw hackers target the cryptocurrency sector by posing as investors looking for their next startup to fund. In this case, the victim was first contacted via Telegram by someone claiming to be looking for an investment opportunity.
The scammer wanted to set up a meeting to discuss potential investment options, so the victim shared their Calendly details to arrange a video call. When the day came, nothing happened when the victim tried to open the meeting link. Lo and behold, the scammers' 'IT team' fixed the problem by sending over a new meeting link.
Unfortunately, the second link opened a technical error message instead of the meeting, claiming there was a problem with the video service. Fortunately, the message came with a handy little script that would supposedly fix the problem and let the victim finally talk face to face with the potential investors.
Instead of showing the face of a generous benefactor, the script installed a Trojan capable of stealing sensitive information from the victim's Mac. The victim, realizing the mistake, changed their passwords and installed a fresh version of macOS.
While this was a sensible move on the victim's part, it unfortunately means there is no surviving evidence of exactly which malware was used.
To keep your device safe, treat any link sent by a stranger with a healthy dose of suspicion before clicking it, keep your device up to date with the latest updates, and take a look at some of the best firewalls to keep your device safe.
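The weak point in this story is the "new" meeting link: the victim expected a Calendly or video-conference page and instead landed somewhere else. The following Python snippet is an added example written for this article (it is not code from Krebs on Security, Tom's Guide or Calendly) showing one way to triage a meeting link before clicking it. The trusted-host list, the flag names and all sample URLs are constructed assumptions for illustration; the article itself gives no details of the domains the scammers used.

```python
"""Meeting-link hygiene check (added example, not from the article)."""
from urllib.parse import urlparse

# Constructed allow-list: registrable domains a victim expecting a Calendly or
# Zoom invite could legitimately be sent to. Adjust to the providers you use.
TRUSTED_MEETING_DOMAINS = {"calendly.com", "zoom.us"}
# Brand words that a look-alike hostname might embed to look familiar.
BRAND_WORDS = ("calendly", "zoom")
# File extensions that mean the "meeting" is really a download.
DOWNLOAD_SUFFIXES = (".sh", ".zip", ".dmg", ".pkg", ".scpt")


def registrable_domain(host: str) -> str:
    """Naive last-two-labels approximation (no public-suffix list); good
    enough for .com/.us style domains used in this example."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def assess_meeting_link(url: str) -> list:
    """Return a list of warning flags for a meeting URL; empty means clean."""
    findings = []
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()

    if parsed.scheme != "https":
        findings.append("not-https")
    if not host:
        findings.append("no-host")
        return findings

    # "https://calendly.com@evil.example/" puts the brand in the userinfo part;
    # the real host is whatever follows the '@'.
    if "@" in parsed.netloc:
        findings.append("userinfo-in-url")

    domain = registrable_domain(host)
    if domain not in TRUSTED_MEETING_DOMAINS:
        findings.append("untrusted-domain:" + domain)
        # Brand word present in the hostname but the registrable domain is
        # not the brand's own domain: classic look-alike such as
        # calendly.com.something.example.
        if any(word in host for word in BRAND_WORDS):
            findings.append("brand-lookalike")

    # Internationalised labels are encoded as xn--...; they can hide
    # characters that look like Latin letters.
    if any(label.startswith("xn--") for label in host.split(".")):
        findings.append("punycode-host")

    if parsed.path.lower().endswith(DOWNLOAD_SUFFIXES):
        findings.append("download-path")

    return findings


def triage(urls: list) -> dict:
    """Map each URL to its findings, for batch review of an invite thread."""
    return {u: assess_meeting_link(u) for u in urls}


if __name__ == "__main__":
    # Constructed sample links, in the spirit of the story above.
    samples = [
        "https://calendly.com/alice/30min",
        "http://calendly.com/alice/30min",
        "https://calendly.com.meeting-fix.example/start",
        "https://calendly.com@video-support.example/fix.sh",
    ]
    for link, flags in triage(samples).items():
        print(f"{link}\n    -> {flags or 'no findings'}")
```

A clean result does not prove a link is safe, but any flag is a reason to stop and ask the counterpart (through a channel you initiated) why the original Calendly link needed "fixing" in the first place; a meeting page that asks you to run a script to repair the video service is not something a real IT team sends.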
Via TomsGuide