MeetC2: Malware Abuses Google Calendar for Secret Comms
Security researchers have released MeetC2, a proof-of-concept tool that abuses a legitimate cloud service, Google Calendar, for command and control. Cross-platform and supporting macOS and Linux, it hides its traffic inside what looks like ordinary business use of Google APIs.
MeetC2 is a proof-of-concept command and control (C2) framework that uses the Google Calendar API as a covert channel between an operator and compromised hosts. Inspired by the earlier 'GC2-sheet' implementations and the work of LooCiprian, MeetC2 applies the same idea to calendar events.
The MeetC2 agent polls the Google Calendar API with a GET request every 30 seconds, looking for new calendar events that contain commands. When it finds one, the agent extracts and executes the command, then updates the same event with the command output. The operator issues a new command by creating a new calendar event through the Calendar API, with the command concealed in the event's summary field. All agent and operator traffic goes to Google-owned domains such as 'oauth2.googleapis.com' (for OAuth token handling) and 'www.googleapis.com' (for the Calendar API itself).
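The exchange described above, modelled end to end as an added example (this is not the MeetC2 project's code): an in-memory FakeCalendar stands in for the Google Calendar API so the script runs offline; `summary` and `description` mirror the real Calendar event resource, but the choice of `description` as the place where the agent writes its output, the "[output]" marker, and the shell-free `subprocess` execution are assumptions made here for illustration.

```python
"""MeetC2-style command/response exchange over calendar events (simulation).

Added illustration, not the project's code. FakeCalendar is an offline
stand-in for the calendar.events list/insert/patch calls of the
Google Calendar API.
"""
import shlex
import subprocess
from dataclasses import dataclass


@dataclass
class Event:
    id: str
    summary: str          # operator hides the command here
    description: str = "" # agent writes the output here (assumption)


class FakeCalendar:
    """Minimal stand-in for the Calendar API event collection."""

    def __init__(self):
        self._events = {}
        self._counter = 0

    def insert(self, summary):
        self._counter += 1
        ev = Event(id=f"evt{self._counter}", summary=summary)
        self._events[ev.id] = ev
        return ev

    def list_events(self):
        return list(self._events.values())

    def patch(self, event_id, description):
        self._events[event_id].description = description
        return self._events[event_id]


OUTPUT_MARK = "[output]\n"  # marks an event the agent already answered


# ---- operator side -------------------------------------------------------
def operator_post_command(cal, command):
    """Create a calendar event whose summary carries the command."""
    return cal.insert(summary=command).id


def operator_read_output(cal, event_id):
    """Return the agent's output for an event, or None if still pending."""
    ev = next(e for e in cal.list_events() if e.id == event_id)
    if not ev.description.startswith(OUTPUT_MARK):
        return None
    return ev.description[len(OUTPUT_MARK):]


# ---- agent side ----------------------------------------------------------
def run_command(command, timeout=10):
    """Execute one command without a shell; returns combined stdout+stderr."""
    proc = subprocess.run(shlex.split(command), capture_output=True,
                          text=True, timeout=timeout)
    return proc.stdout + proc.stderr


def agent_poll_once(cal):
    """One polling cycle; the real agent repeats this every 30 seconds.

    Returns the ids of the events it executed during this cycle.
    """
    executed = []
    for ev in cal.list_events():
        if ev.description.startswith(OUTPUT_MARK):
            continue  # already answered on a previous cycle
        output = run_command(ev.summary)
        cal.patch(ev.id, OUTPUT_MARK + output)
        executed.append(ev.id)
    return executed


if __name__ == "__main__":
    cal = FakeCalendar()
    eid = operator_post_command(cal, "echo meetc2-test")
    print("agent ran:", agent_poll_once(cal))
    print("operator sees:", operator_read_output(cal, eid).strip())
```

The marker prefix is what keeps the agent from re-running a command whose output was empty; an implementation that distinguishes pending from answered events only by "description is empty" would loop on such commands.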
MeetC2's developer, Deriv Security, has made the project available for download on GitHub at https://github.com/deriv-security/MeetC2.
MeetC2's abuse of a legitimate cloud service for adversarial operations is a reminder that blocking the destination is not an option when the destination is Google: every request is TLS traffic to domains most organisations already allow. Defenders therefore have to look at behaviour rather than destinations, for example a host that polls the Calendar API at a fixed 30-second cadence, or calendar events whose summary fields contain shell commands.
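One behavioural check a defender can run, added here as an example (not part of the original article or the MeetC2 project): group proxy log entries by source host and Google API domain and flag series whose request gaps cluster tightly around the agent's 30-second polling interval. The log format, the sample lines and the thresholds are constructed for the illustration; only the 30-second period and the two domains come from the write-up.

```python
"""Beacon check for fixed-interval polling of Google API domains.

Added illustration. The proxy log format below is constructed:
"<ISO timestamp> <src-ip> CONNECT <host>:443" (TLS, so only the
hostname is visible, not the Calendar API path).
"""
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import median, pstdev

WATCH_HOSTS = {"www.googleapis.com", "oauth2.googleapis.com"}


def build_sample_log():
    """Constructed sample: one beaconing host and one human user."""
    base = datetime(2024, 5, 1, 9, 0, 0)
    lines = []
    # 10.0.0.5: clockwork 30 s polling with a second or two of jitter
    t = base
    for j in [0, 1, -1, 0, 2, -1, 0, 1]:
        t += timedelta(seconds=30 + j)
        lines.append(f"{t.isoformat()} 10.0.0.5 CONNECT www.googleapis.com:443")
    # 10.0.0.9: a person using Calendar in a browser, irregular gaps
    for off in [0, 7, 120, 133, 600, 604, 1900, 1905]:
        t = base + timedelta(seconds=off)
        lines.append(f"{t.isoformat()} 10.0.0.9 CONNECT www.googleapis.com:443")
    return "\n".join(lines)


def parse_line(line):
    ts, src, _method, dest = line.split()
    host = dest.rsplit(":", 1)[0]
    return datetime.fromisoformat(ts), src, host


def find_beacons(log_text, period=30.0, tolerance=0.15, min_hits=6):
    """Return (src, host, median_gap_s, hits) for series that look like
    fixed-interval polling: median gap within `tolerance` of `period` and
    relative jitter (stdev / median) at or below `tolerance`."""
    series = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, host = parse_line(line)
        if host in WATCH_HOSTS:
            series[(src, host)].append(ts)

    flagged = []
    for (src, host), stamps in series.items():
        if len(stamps) < min_hits:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        med = median(gaps)
        if med == 0:
            continue
        jitter = pstdev(gaps) / med
        if abs(med - period) <= tolerance * period and jitter <= tolerance:
            flagged.append((src, host, round(med, 1), len(stamps)))
    return flagged


if __name__ == "__main__":
    for hit in find_beacons(build_sample_log()):
        print("possible Calendar C2 polling:", hit)
```

The human user's irregular gaps (seconds while interacting, then minutes of silence) fail both the period and the jitter test, while the agent's near-constant 30-second cadence passes both. Legitimate sync clients can also poll on a timer, so treat a hit as a lead to triage (which process owns the connections, whether the host normally uses Calendar) rather than a verdict.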