Technology
How crypto imposters are using Calendly to infect Macs with malware
A new hacking threat is targeting crypto users via Calendly, a popular meeting-scheduling app. This is a serious issue that could compromise your security and privacy, so you need to be aware of how it works and how to protect yourself.
CLICK TO GET KURT’S FREE CYBERGUY NEWSLETTER WITH SECURITY ALERTS, QUICK VIDEO TIPS, TECH REVIEWS AND EASY HOW-TO’S TO MAKE YOU SMARTER
Calendly app (Calendly) (Kurt “CyberGuy” Knutsson)
Hackers are posing as crypto investors via Calendly
The way this particular threat works is rather straightforward, yet sneaky. To start, many people in the crypto world are seeking investments to support their crypto start-up ideas or something related.
People like this need to be active in crypto communities and investment spaces to connect with the right people to support them. It’s not uncommon for these people to have a link to schedule a meeting with them on their profile, via Calendly, a popular scheduling app not just for people in cryptocurrency but for anyone.
Calendly app (Calendly) (Kurt “CyberGuy” Knutsson)
How the hacker infiltrates the target’s device
Unbeknownst to the soon-to-be victim, these hackers are taking advantage of these individuals by posing as crypto investors, the exact kind of people these folks want to get in touch with. When they book a meeting on this person’s calendar, they add a meeting link that runs a script that installs malware on macOS systems.
A real-life example of how crypto impersonators lure victims
This happened to one unlucky person in this situation. The hacker reached out via Telegram – an encrypted messaging app – and asked about booking a meeting. The person sent the “investor” their Calendly link, and on the day of the meeting, went to the meeting link that the “investor” had added. In most cases, this is normal – a link to a Zoom or Google Meet is not unusual. And because the user had already spoken to the person via Telegram and seemed legitimate, there was no reason to think twice about this.
The sinister scheme was revealed when links failed
Only when the person went to click the link and when the “investor” didn’t show up, did he contact him on the same Telegram thread. The “investor” apologized for the inconvenience and sent a new link, explaining there was an issue with IT.
However, the link still did not work, and the meeting never happened, with the “investor” asking to reschedule. It dawned on the person a little afterward that this may have been a hack attack, via an Apple Script (file extension “.scpt”) that downloads and executes a malicious Trojan made to run on macOS systems.
Hacker Google Meet request (SlowMist) (Kurt “CyberGuy” Knutsson)
MORE: STEALTHY BACKDOOR MAC MALWARE THAT CAN WIPE OUT YOUR FILES
How quick action foiled a Mac malware attack
Because the person who was the target of this attack promptly backed up their data upon realizing the attack, it prevented the loss of evidence regarding the actual malware downloaded onto their macOS. Cybersecurity firms were able to analyze the script information, which led them to identify similarities with previous attacks carried out by the same group and warn the public.
Security alert (SlowMist) (Kurt “CyberGuy” Knutsson)
MORE: HOW TO PROTECT YOUR MAC FROM THE NEW METASTEALER MALWARE
The perpetrators are a hacker group from North Korea
A cybersecurity firm discovered a phishing attack in 2023 that was carried out by state-sponsored hackers from North Korea, specifically a subgroup of the notorious Lazarus group. This group typically targets financial gains, aiming to steal money or cryptocurrency to fund the North Korean military regime.
In this particular attack, the North Korean hackers exploited the “Add Custom Link” feature within the Calendly meeting scheduling system on event pages to insert malicious links and initiate phishing attacks. They also employ similar tactics on Telegram.
This incident underscores the importance of vigilance and robust security measures to safeguard against cyberthreats, especially those originating from state-sponsored actors.
Add Custom Link feature (SlowMist) (Kurt “CyberGuy” Knutsson)
Calendly’s response to malware attacks
We reached out to Calendly, and their CISO (chief information security officer), Frank Russo, provided us with this statement.
“We’re aware of these types of social engineering attacks by cryptocurrency hackers. This attack violates our Terms of Use, and accounts are immediately terminated when discovered or reported. To help prevent these kinds of attacks, our security team and partners have implemented a service to automatically detect fraud and impersonations that could lead to social engineering. We are also actively scanning content for all our customers to catch these types of malicious links and to prevent hackers earlier on. Additionally, we intend to add an interstitial page warning users before they’re redirected away from Calendly to other websites.”
How to protect yourself against cyberthreats
MacOS users tend to experience fewer malware attacks than PC users. But this idea can make MacOS users more vulnerable to attacks because they may feel they are simply safe. Because hackers are getting more and more sophisticated, it’s important never to let your guard down and to follow these precautions.
Be cautious with links: If you receive a Calendly link from an unfamiliar sender, refrain from clicking on any embedded links, even if the sender appears trustworthy. Additionally, exercise vigilance when dealing with phishing emails or messages related to crypto exchanges or wallets, as they may contain malicious attachments or links with malware. When using Calendly, take note of the source and domain of any links you encounter on the interface. Before clicking, hover your mouse over the text to verify the link address and avoid accessing potentially harmful phishing links.
Send meeting links yourself: Whenever possible, send the meeting link directly to the person scheduling the call. This minimizes the risk of accidentally clicking on malicious links.
Have good antivirus software: The best way to protect yourself from clicking malicious links that install malware that may get access to your private information is to have antivirus protection installed on all your devices. This can also alert you of any phishing emails or ransomware scams. Get my picks for the best 2024 antivirus protection winners for your Mac, Windows, Android & iOS devices.
Perform regular updates: Regularly update your operating system and security software to stay ahead of potential vulnerabilities.
Have strong passwords and use two-factor authentication: Using the same password across multiple platforms will always make you more vulnerable because if one account gets hacked, they all get hacked. And two-factor authentication is just an extra shield that will prevent a hacker from getting into your accounts. Make sure to use a password manager to keep track of all your passwords.
Person typing on a laptop (Kurt “CyberGuy” Knutsson)
MORE: DON’T FALL FOR THESE SNEAKY TAX SCAMS THAT ARE OUT TO STEAL YOUR IDENTITY AND MONEY
Kurt’s key takeaways
As long as there is money and information to steal online, hackers will stop at nothing to trick innocent people into downloading malware onto their devices. So, stay up to date with the latest threats so that you can ensure you’re doing everything to protect yourself.
Have you encountered suspicious meeting requests via Calendly or other scheduling apps? Do you think the app companies should do more to verify the authenticity of such links? Let us know by writing us at Cyberguy.com/Contact.
For more of my tech tips & security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.
Ask Kurt a question or let us know what stories you’d like us to cover.
Answers to the most asked CyberGuy questions:
Copyright 2024 CyberGuy.com. All rights reserved.
/cdn.vox-cdn.com/uploads/chorus_asset/file/25832232/honor_magic_7_pro.jpg "Honor’s Magic 7 Pro looks flagship through and through")
Honor’s flagship Magic 7 Pro launches in the UK and Europe today, powered by the Snapdragon 8 Elite and protected by top-tier water-resistance. It also features a high resolution 200 megapixel telephoto camera.
Arriving a week after the OnePlus 13 and a week before we expect to meet Samsung’s Galaxy S25 phones, the Magic 7 Pro is among the first phones to release outside of China with Qualcomm’s new chipset inside. That makes it one of the most powerful phones on the market, especially with 12GB of RAM. It also features a sizable 5,270mAh battery built around a silicon-carbon chemistry, allowing it to pack more energy into a smaller space with the Magic 7 Pro measuring just 8.8mm thick.
Much like the new OnePlus phone — and, unexpectedly, Motorola’s $299.99 Moto G Power, which launched in the US yesterday — the Magic 7 Pro is both IP68 and IP69-rated. That means that in addition to the usual protection from dust and submersion in water, it should survive exposure to steam and high-pressure water jets — ideal if you regularly use your phone in a jacuzzi, probably overkill for the rest of us.
Also unusual is the phone’s 200 megapixel 3x periscopic camera. We’ve seen megapixel counts as high as this before, but mostly on main cameras, not zoom lenses — with the exception of Vivo’s X100 Ultra and X200 Pro. It’s bolstered by an AI Super Zoom feature that kicks in at 30x zoom for added clarity, with this and a few other camera AI modes using a combination of on-device and cloud-based large language models to fine-tune images.
There’s even more AI than that, since it ships with Android 15 and Google’s Gemini AI app, which Honor has bolstered with its own AI-powered takes on translation and notes apps.
The Magic 7 Pro launched in China last November, but this is its first appearance outside of the country. Honor is one of several Chinese smartphone manufacturers that saw growth in global market share in 2024, thanks in part to last year’s flagship Magic 6 series and the Magic V3, still the thinnest foldable phone available.
For its European launch the Pro is joined by the Magic 7 Lite, a midrange handset that uses the comparatively sluggish Snapdragon 6 Gen 1 chip and arrives still running Android 14. The selling point of that phone is its enormous 6,600mAh battery, which Honor claims will run for three days. There’s no sign of the regular Magic 7, which launched alongside the Pro in China.
The Magic 7 Pro is available to order now from honor.com starting at £1,099.99 / €1,299 (about $1,340), with major retailers and local carriers set to stock it too. The Magic 7 Lite is much cheaper at £399.99 / €369, and also available now.
You might have heard about electric vertical takeoff and landing aircraft (eVTOL). Well, there’s some exciting news coming from Jetson, a Swedish startup that’s making waves in the air racing scene. While Australia’s Airspeeder has been working on crewed eVTOL races, Jetson founder and CTO Tomasz Patan recently took the spotlight with a demonstration that many are calling the start of the world’s first eVTOL air racing.
I’M GIVING AWAY THE LATEST & GREATEST AIRPODS PRO 2
Enter the giveaway by signing up for my free newsletter.
Jetson eVTOL air racing demonstration (Jetson) (Kurt “CyberGuy” Knutsson)
Airspeeder’s ambitions
Airspeeder has been building momentum since 2017, aiming to establish world championship races with their striking eVTOL aircraft. However, their current races involve remote-controlled vehicles, with pilots safely on the ground. Enter Jetson, who has now demonstrated a crewed flight around a racing pylon, albeit with just one aircraft.
Jetson eVTOL air racing demonstration (Jetson) (Kurt “CyberGuy” Knutsson)
EVTOL PROTOTYPE PROMISES 150 MPH CITY-TO-CITY HOPS
The Jetson One: A game changer
The star of this show is the Jetson One, a personal eVTOL designed for agility and performance. In a recent video, Patan showcases the aircraft’s nimble capabilities by navigating around a 26-foot-tall pylon. While this demonstration does not quite constitute a full race, it offers a tantalizing preview of what eVTOL racing could look like. Here are some key features of the Jetson One:
- Dimensions: 8.86 x 5.25 x 3.67 feet
- Top speed: Software-limited to 63 mph
- Flight time: 20 minutes per charge
- Power source: High-discharge Li-ion batteries
- Control: Joystick-operated
- Maximum altitude: Over 1,500 feet (~460 m)
- Pilot requirements: No license needed in the U.S.
Jetson eVTOL air racing demonstration (Jetson) (Kurt “CyberGuy” Knutsson)
THIS FLYING ELECTRIC VEHICLE BREAKS RECORD WITH 523-MILE NONSTOP FLIGHT
Market response and future plans
The market response to the Jetson One has been remarkable. The company has already confirmed sales of more than 470 units and is now taking orders for the 2026 batch. To secure your place in line, you’ll need to make a non-refundable deposit of $8,000, with the full price tag coming in at $128,000.
Jetson claims that their eVTOL is user-friendly, stating that pilots can master the aircraft in under 60 minutes of flight practice, along with eight simulator sessions. This accessibility could be a game-changer in the personal aviation market.
Jetson eVTOL air racing demonstration (Jetson) (Kurt “CyberGuy” Knutsson)
REVOLUTIONARY FLYING CAR PROMISES HIGHWAY SPEEDS AND 3-HOUR FLIGHTS
Safety and regulatory considerations
While the prospect of personal eVTOLs and air racing is thrilling, it also raises important safety and regulatory questions. Jetson has implemented several safety features, including:
- A race car-inspired safety cell design
- The ability to fly safely with the loss of one motor
- Hands-free hover and emergency functions
- A ballistic parachute with rapid deployment
In terms of regulations, Jetson has made progress, securing two flight permits in Italy for personal eVTOL travel in uncontrolled airspace in fall 2023. However, comprehensive racing regulations are yet to be defined.
Jetson eVTOL air racing demonstration (Jetson) (Kurt “CyberGuy” Knutsson)
The competition: Airspeeder and beyond
While Jetson has made headlines with this demonstration, it’s worth noting that Airspeeder isn’t far behind. They have already created teams and held aerial events, albeit with remote-controlled eVTOLs. Their aircraft boasts impressive specifications, including a top speed of 124 mph and a power-to-weight ratio comparable to Formula 1 cars.
SUBSCRIBE TO KURT’S YOUTUBE CHANNEL FOR QUICK VIDEO TIPS ON HOW TO WORK ALL OF YOUR TECH DEVICES
Jetson eVTOL air racing demonstration (Jetson) (Kurt “CyberGuy” Knutsson)
Kurt’s key takeaways
The demonstration by Jetson marks a significant milestone in the evolution of personal aviation and air racing. While it does not yet represent a full-fledged race, it is a tangible step towards a future where eVTOL racing could become a reality. As we look to the skies, it is clear that the race for eVTOL supremacy is just beginning.
What are your thoughts on the future of eVTOL racing and personal aviation after reading about Jetson and Airspeeder? Let us know by writing us at Cyberguy.com/Contact.
For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.
Ask Kurt a question or let us know what stories you’d like us to cover.
Follow Kurt on his social channels:
Answers to the most asked CyberGuy questions: New from Kurt:
Copyright 2024 CyberGuy.com. All rights reserved.
/cdn.vox-cdn.com/uploads/chorus_asset/file/23382327/VRG_Illo_STK022_K_Radtke_Musk_Twitter_Upside_Down.jpg "Elon Musk is being sued by the feds over the way he bought Twitter")
Elon Musk’s acquisition of Twitter has resulted in a federal lawsuit by the Securities and Exchange Commission alleging that he broke securities laws with a late disclosure, and saved $150 million in the process.
Before Musk agreed to buy Twitter for $44 billion, before he tried to back out of that deal, before he was forced to go through with it, and before he changed its name to X, he started by acquiring a substantial stake in the company but didn’t reveal that fact until weeks later.
The only problem, as the SEC pointed out then, is that by the time he disclosed that stake, it was outside the agency’s required 10-day window. They claim that he should’ve filed his paperwork by March 24th, 2022, instead of when he actually did, on April 4th (and then again on April 5th). During that period, they say he purchased more than $500 million in shares of the company.
However, with only a few days left before the Trump administration takes over and installs a new head of the SEC (along with Elon Musk reportedly snagging an office in the White House complex), it’s unclear how far the lawsuit will go.
The SEC claims Musk cost investors at least $150 million due to the late disclosure and that he harmed any investors who sold stock between March 25th, 2022, and April 1st, 2022. Its lawsuit is seeking the money Elon made as a result of holding off on the disclosure, as well as a civil penalty and other punishments.
Sharon Magness Blake becomes 46th Citizen of the West
Sara Nelson Restarts the Debate About Allowing More Housing in SoDo – The Urbanist
DUI Checkpoint Scheduled Friday In San Diego's South Bay
Milwaukee Bucks to host 'Bucks In Ink' event Jan. 16 at Fiserv Forum
Frankie Mulinix brings Butoh dance to Atlanta
Colorado Rockies game no. 116 thread: Zac Gallen vs José Ureña
Why Marjorie Taylor Greene was ‘kicked out’ of the Freedom Caucus according to Rep. Buck
See it: Tesla crashes into Columbus convention center at 70 mph
Fox News Politics: Georgia the whole day through
Death of missing Oregon girl found in stream ruled homicide
Pilots Battling L.A Fires Face Heat, Turbulence, and High-Pressure Risks
Trump Energy Sec pick to share American 'energy dominance' vision at confirmation hearing: 'Agent for change'
South Korea’s President Yoon arrested: What happened and what’s next
Trump’s attorney general pick to face scrutiny on first day of Senate hearing
Video: Fires Continue to Burn One Week Later in California
-
Health1 week agoOzempic ‘microdosing’ is the new weight-loss trend: Should you try it?
-
/cdn.vox-cdn.com/uploads/chorus_asset/file/25822586/STK169_ZUCKERBERG_MAGA_STKS491_CVIRGINIA_A.jpg "Meta is highlighting a splintering global approach to online speech")
Technology6 days agoMeta is highlighting a splintering global approach to online speech
-
Science4 days agoMetro will offer free rides in L.A. through Sunday due to fires
-
/cdn.vox-cdn.com/uploads/chorus_asset/file/25821992/videoframe_720397.png "Las Vegas police release ChatGPT logs from the suspect in the Cybertruck explosion")
Technology1 week agoLas Vegas police release ChatGPT logs from the suspect in the Cybertruck explosion
-
Movie Reviews1 week ago‘How to Make Millions Before Grandma Dies’ Review: Thai Oscar Entry Is a Disarmingly Sentimental Tear-Jerker
-
Health1 week agoMichael J. Fox honored with Presidential Medal of Freedom for Parkinson’s research efforts
-
Movie Reviews1 week agoMovie Review: Millennials try to buy-in or opt-out of the “American Meltdown”
-
News1 week agoPhotos: Pacific Palisades Wildfire Engulfs Homes in an L.A. Neighborhood