A new attack vector has emerged in which cybercriminals weaponize Google Calendar invites to deliver malware, using a sophisticated obfuscation technique in which a single visible character hides malicious code. By hiding malicious code in what appears to be a single character and using Google Calendar as a delivery mechanism, attackers have created a concerning attack vector that could compromise both individual users and organizations.

In March 2025, security researchers at Aikido discovered an npm package called “os-info-checker-es6” that appeared to check system information but contained suspicious code. Check Point researchers independently identified similar attacks, noting that cybercriminals are modifying email headers to make malicious messages appear as though they were sent directly from Google Calendar.

“What we discovered was fascinating – that single character wasn’t actually a simple pipe symbol, but contained invisible Unicode Private Use Area (PUA) characters,” explained researchers in their analysis. “This represents a concerning evolution in attack methodology,” said Charlie Eriksen to Cyber Security News.

This attack demonstrates how cybercriminals continue to find new ways to deliver malicious payloads by leveraging trusted platforms and sophisticated obfuscation techniques. Google has acknowledged the threat, recommending that users enable the “known senders” setting in Google Calendar to help defend against this type of phishing. The investigation revealed that the malware was designed to fetch malicious payloads through a Google Calendar invite URL.
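One way to check package source for the hidden characters described above, as an added example that is not from the original article or from the researchers' tooling: it reports runs of Private Use Area code points and, going beyond the article, other invisible ranges (variation selectors, tag characters, zero-width marks). The function names, the run-length threshold and the sample string are assumptions made for illustration.

```javascript
// Added example: report runs of invisible or private-use code points in source text.
// Range boundaries come from the Unicode standard; all names here are this example's own.
const HIDDEN_RANGES = [
  [0xE000, 0xF8FF, 'private-use (BMP)'],
  [0xF0000, 0xFFFFD, 'private-use (plane 15)'],
  [0x100000, 0x10FFFD, 'private-use (plane 16)'],
  [0xFE00, 0xFE0F, 'variation selector'],
  [0xE0100, 0xE01EF, 'variation selector supplement'],
  [0xE0000, 0xE007F, 'tag character'],
  [0x200B, 0x200F, 'zero-width or directional mark'],
];

function classify(cp) {
  const hit = HIDDEN_RANGES.find(([lo, hi]) => cp >= lo && cp <= hi);
  return hit ? hit[2] : null;
}

// One finding per run of consecutive hidden code points of the same kind.
function findHiddenRuns(source) {
  const runs = [];
  let line = 1, col = 0, current = null;
  for (const ch of source) {            // for...of walks code points, not UTF-16 units
    if (ch === '\n') { line++; col = 0; current = null; continue; }
    col++;
    const cp = ch.codePointAt(0);
    const kind = classify(cp);
    if (!kind) { current = null; continue; }
    if (current && current.kind === kind) { current.length++; continue; }
    current = { line, col, kind, length: 1, first: 'U+' + cp.toString(16).toUpperCase() };
    runs.push(current);
  }
  return runs;
}

// A lone selector after an emoji is normal; a long run can carry hidden data.
function suspiciousRuns(source, minRun = 8) {
  return findHiddenRuns(source).filter((r) => r.length >= minRun);
}

// Constructed sample: a visible "|" followed by 16 plane-15 private-use code points.
const hidden = Array.from({ length: 16 }, (_, i) => String.fromCodePoint(0xF0000 + i)).join('');
const SAMPLE = "const os = require('os');\nconst marker = '|" + hidden + "';\nconsole.log(os.platform());\n";

console.log(suspiciousRuns(SAMPLE));
```

Run over each file of a dependency before install or in CI, a check like this surfaces a string literal that renders as one character but carries many code points.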
This Cyber News was published on cybersecuritynews.com. Publication date: Wed, 14 May 2025 14:55:06 +0000