Hacked via your calendar?
Someone asked me, "I think I have a virus on my iPhone. Could you take a look?"
I was surprised. I did not think viruses were technically possible on iOS devices.
I agreed to help.
I asked, "What did you notice that makes you think you have a virus?"
This person replied, "I started seeing pop-ups telling me I was hacked."
I pondered the response. "What app were you using?"
"I was using the Google app."
"Do you remember what you were doing there?"
"I searched for a former president's name and clicked the search result. It didn't take me to a website. Instead, it took me back to the Google search page."
I pondered the response. How could searching a president's name get someone hacked?
"Look!" this person said. "The pop-up is there."
I looked at the phone and saw it was a calendar reminder notification. Interesting!
I opened the calendar app and saw calendar entries with scary titles and links to potential phishing sites.
Hacking through someone's calendar?! These malicious actors are incredibly clever.
I removed the subscribed calendar account and asked this person to clear the cache from all the web browsing apps.
I used my own device to find out how this was possible. I found an article that explains it. (See the link below.) Turns out this is a relatively new attack vector.
I asked, "Do you remember clicking some alert when you were browsing the web?"
"Well, yes. I got an alert. It had a button that said, 'Okay, got it.' So, I clicked it. I don't remember what it said."
I suppose this person clicked a malicious pop-up alert that subscribed the calendar to a malicious shared calendar.
Fortunately, this person did not click on any of the calendar notifications. The bad news: this event reminded me that cyber defenders could continue to be behind the cyber attackers. I would not have considered an attack via a calendar app.
Originally posted on Patreon