Connect with us

Technology

How crypto imposters are using Calendly to infect Macs with malware

Published

on

How crypto imposters are using Calendly to infect Macs with malware

Join Fox News for access to this content

Plus special access to select articles and other premium content with your account – free of charge.

Please enter a valid email address.

By entering your email and pushing continue, you are agreeing to Fox News’ Terms of Use and Privacy Policy, which includes our Notice of Financial Incentive. To access the content, check your email and follow the instructions provided.

Having trouble? Click here.

A new hacking threat is targeting crypto users via Calendly, a popular meeting-scheduling app. This is a serious issue that could compromise your security and privacy, so you need to be aware of how it works and how to protect yourself.

CLICK TO GET KURT’S FREE CYBERGUY NEWSLETTER WITH SECURITY ALERTS, QUICK VIDEO TIPS, TECH REVIEWS AND EASY HOW-TO’S TO MAKE YOU SMARTER

Advertisement

Calendly app (Calendly) (Kurt “CyberGuy” Knutsson)

Hackers are posing as crypto investors via Calendly

The way this particular threat works is rather straightforward, yet sneaky. To start, many people in the crypto world are seeking investments to support their crypto start-up ideas or something related.

People like this need to be active in crypto communities and investment spaces to connect with the right people to support them. It’s not uncommon for these people to have a link to schedule a meeting with them on their profile, via Calendly, a popular scheduling app not just for people in cryptocurrency but for anyone.

Calendly app (Calendly) (Kurt “CyberGuy” Knutsson)

How the hacker infiltrates the target’s device

Unbeknownst to the soon-to-be victim, these hackers are taking advantage of these individuals by posing as crypto investors, the exact kind of people these folks want to get in touch with. When they book a meeting on this person’s calendar, they add a meeting link that runs a script that installs malware on macOS systems.

Advertisement

A real-life example of how crypto impersonators lure victims

This happened to one unlucky person in this situation. The hacker reached out via Telegram – an encrypted messaging app – and asked about booking a meeting. The person sent the “investor” their Calendly link, and on the day of the meeting, went to the meeting link that the “investor” had added. In most cases, this is normal – a link to a Zoom or Google Meet is not unusual. And because the user had already spoken to the person via Telegram and seemed legitimate, there was no reason to think twice about this.

The sinister scheme was revealed when links failed

Only when the person went to click the link and when the “investor” didn’t show up, did he contact him on the same Telegram thread. The “investor” apologized for the inconvenience and sent a new link, explaining there was an issue with IT.

However, the link still did not work, and the meeting never happened, with the “investor” asking to reschedule. It dawned on the person a little afterward that this may have been a hack attack, via an Apple Script (file extension “.scpt”) that downloads and executes a malicious Trojan made to run on macOS systems.

Hacker Google Meet request (SlowMist) (Kurt “CyberGuy” Knutsson)

MORE: STEALTHY BACKDOOR MAC MALWARE THAT CAN WIPE OUT YOUR FILES

Advertisement

How quick action foiled a Mac malware attack

Because the person who was the target of this attack promptly backed up their data upon realizing the attack, it prevented the loss of evidence regarding the actual malware downloaded onto their macOS. Cybersecurity firms were able to analyze the script information, which led them to identify similarities with previous attacks carried out by the same group and warn the public.

Security alert (SlowMist) (Kurt “CyberGuy” Knutsson)

MORE: HOW TO PROTECT YOUR MAC FROM THE NEW METASTEALER MALWARE

The perpetrators are a hacker group from North Korea

A cybersecurity firm discovered a phishing attack in 2023 that was carried out by state-sponsored hackers from North Korea, specifically a subgroup of the notorious Lazarus group. This group typically targets financial gains, aiming to steal money or cryptocurrency to fund the North Korean military regime.

In this particular attack, the North Korean hackers exploited the “Add Custom Link” feature within the Calendly meeting scheduling system on event pages to insert malicious links and initiate phishing attacks. They also employ similar tactics on Telegram.

Advertisement

This incident underscores the importance of vigilance and robust security measures to safeguard against cyberthreats, especially those originating from state-sponsored actors.

Add Custom Link feature (SlowMist) (Kurt “CyberGuy” Knutsson)

Calendly’s response to malware attacks 

We reached out to Calendly, and their CISO (chief information security officer), Frank Russo, provided us with this statement.

“We’re aware of these types of social engineering attacks by cryptocurrency hackers. This attack violates our Terms of Use, and accounts are immediately terminated when discovered or reported. To help prevent these kinds of attacks, our security team and partners have implemented a service to automatically detect fraud and impersonations that could lead to social engineering. We are also actively scanning content for all our customers to catch these types of malicious links and to prevent hackers earlier on. Additionally, we intend to add an interstitial page warning users before they’re redirected away from Calendly to other websites.”

How to protect yourself against cyberthreats

MacOS users tend to experience fewer malware attacks than PC users. But this idea can make MacOS users more vulnerable to attacks because they may feel they are simply safe. Because hackers are getting more and more sophisticated, it’s important never to let your guard down and to follow these precautions.

Advertisement

Be cautious with links: If you receive a Calendly link from an unfamiliar sender, refrain from clicking on any embedded links, even if the sender appears trustworthy. Additionally, exercise vigilance when dealing with phishing emails or messages related to crypto exchanges or wallets, as they may contain malicious attachments or links with malware. When using Calendly, take note of the source and domain of any links you encounter on the interface. Before clicking, hover your mouse over the text to verify the link address and avoid accessing potentially harmful phishing links.

Send meeting links yourself: Whenever possible, send the meeting link directly to the person scheduling the call. This minimizes the risk of accidentally clicking on malicious links.

Have good antivirus software: The best way to protect yourself from clicking malicious links that install malware that may get access to your private information is to have antivirus protection installed on all your devices. This can also alert you of any phishing emails or ransomware scams. Get my picks for the best 2024 antivirus protection winners for your Mac, Windows, Android & iOS devices.

Perform regular updates: Regularly update your operating system and security software to stay ahead of potential vulnerabilities.

Have strong passwords and use two-factor authentication: Using the same password across multiple platforms will always make you more vulnerable because if one account gets hacked, they all get hacked. And two-factor authentication is just an extra shield that will prevent a hacker from getting into your accounts. Make sure to use a password manager to keep track of all your passwords.

Advertisement

Person typing on a laptop (Kurt “CyberGuy” Knutsson)

MORE: DON’T FALL FOR THESE SNEAKY TAX SCAMS THAT ARE OUT TO STEAL YOUR IDENTITY AND MONEY

Kurt’s key takeaways

As long as there is money and information to steal online, hackers will stop at nothing to trick innocent people into downloading malware onto their devices. So, stay up to date with the latest threats so that you can ensure you’re doing everything to protect yourself.

Have you encountered suspicious meeting requests via Calendly or other scheduling apps? Do you think the app companies should do more to verify the authenticity of such links? Let us know by writing us at Cyberguy.com/Contact.

For more of my tech tips & security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.

Advertisement

Ask Kurt a question or let us know what stories you’d like us to cover.

Answers to the most asked CyberGuy questions:

Copyright 2024 CyberGuy.com. All rights reserved.

Technology

Hoto’s PixelDrive screwdriver is down to $60, matching its best price

Published

on

Hoto’s PixelDrive screwdriver is down to , matching its best price

If your Prime Day purchases included a new desk, TV stand, bookshelf, or other furniture you still haven’t assembled, Hoto’s PixelDrive cordless screwdriver can help speed up the process. It’s currently on sale for $59.99 ($20 off) at Amazon, matching its best price to date.

From tightening loose screws on furniture to repairing electronics, the PixelDrive is designed to handle a wide range of household projects. Hoto includes 30 screwdriver bits that cover many of the most common screw types, all neatly organized in a small cylindrical case. It also offers six adjustable torque settings, allowing you to use less power when working with fragile electronics or increase it when putting together a desk, bookshelf, TV stand, or other furniture. You can also switch between a slower 80RPM mode for more precise work and a faster 200RPM mode with the press of a button.

Hoto also added several features that make assembling projects a little easier. A built-in display lets you quickly check your current torque setting and remaining battery life, while an integrated LED light helps illuminate dim spaces, whether you’re working under a desk or inside a cabinet. The rechargeable 2,000mAh battery also charges over USB-C, so you won’t need to keep buying disposable batteries.

Continue Reading

Technology

Starship delivery robots leave campuses for cities

Published

on

Starship delivery robots leave campuses for cities

NEWYou can now listen to Fox News articles!

Those little white robots that once rolled across college sidewalks with lattes, fries and late-night snacks are getting a new assignment. Starship Technologies recently announced that it will wind down its U.S. university campus operations and redeploy more than 1,200 robots toward grocery chains and hot food delivery in cities across the United States and Europe.

If you have ever watched one of these robots patiently wait at a crosswalk like a polite cooler on wheels, you know why students got attached. They became part campus convenience, part mascot. Now, the company is moving from a controlled campus setting into a much tougher public test.

CHINAS ROBOT-RUN HOTEL OPENS TO PUBLIC IN 2027

That raises the bigger question: will these cute campus robots be just as welcome when they start sharing crowded city sidewalks with you?

Advertisement

Sign up for my FREE CyberGuy Report

  • Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox.
  • For simple, real-world ways to spot scams early and stay protected, visit CyberGuy.com trusted by millions who watch CyberGuy on TV daily.
  • Plus, you’ll get instant access to my Ultimate Scam Survival Guide free when you join.

Starship is winding down U.S. campus robot operations as it expands grocery delivery in the U.S. and Europe. (Starship)

 

Why Starship is pulling robots from college campuses

Starship says the decision comes down to focus. The company says its grocery delivery operations are on a 10x growth trajectory over the next two years, driven by demand from major retailers in the United States and Europe.

In Finland, Starship says its robots already complete roughly one in five grocery deliveries. That gives the company a real-world model it wants to repeat elsewhere. To support that expansion, more than 1,200 robots from U.S. campus fleets will be moved into grocery delivery. For Starship, that is a major pivot. Campuses helped the company build its brand in the U.S. They also gave the robots a place to learn.

 

Why college campuses were the perfect robot testing ground

Starship made a big U.S. splash at George Mason University in 2019, when the school became the first U.S. university to offer autonomous robot deliveries from Starship. From there, the robots spread to dozens of campuses. That made sense. College students are often hungry at odd hours. Many live without a full kitchen. They also tend to be open to new tech, especially when it brings food to the dorm without small talk.

During the pandemic, contactless delivery became even more appealing. A robot that could roll up with lunch while limiting person-to-person contact suddenly felt useful in a very different way.

Advertisement

 

The campus pullback will not happen overnight

Starship says it has worked with its university campuses and industry partners to keep service running through the 2026–2027 back-to-school season, with transition plans in place to reduce disruption. So, this does not appear to be an instant shutdown where every campus robot disappears at once. Instead, the company is moving away from the university model while preparing its fleet for a bigger push into grocery and restaurant delivery.

For students who loved the bots, it may still feel like the end of an era. For Starship, though, it is a move toward the market where the company believes the economics are stronger. Starship CEO and co-founder Ahti Heinla says the company’s robots can deliver groceries at a cost $3-$4 lower per delivery than traditional courier fulfillment. That is the kind of claim that gets the attention of retailers trying to make last-mile delivery less expensive.

ZOOX ROBOTAXI REDESIGN BRINGS BIG RIDER UPGRADES

 

Why city sidewalks could be a tougher test

The next phase could get messy. Delivery robots have to share sidewalks with people who are walking, pushing strollers, using wheelchairs, carrying groceries or trying to catch a bus. That means every design choice matters. A robot that blocks a curb ramp can create a real problem. A robot that pauses in the wrong spot can turn from cute to irritating fast. If one reverses unexpectedly or gets stuck near a crosswalk, the novelty wears off even faster.

There have already been warning signs. Reports have described delivery robots bumping into people, getting stuck in odd places and raising accessibility concerns. Chicago has also seen local pushback and safety concerns around sidewalk delivery robots, which shows Starship still has work to do if it wants city residents to embrace them. That is the challenge Starship now faces. The same robot that felt charming on a campus may feel like clutter on a narrow sidewalk.

Advertisement

Starship Technologies is shifting more than 1,200 campus delivery robots to grocery and restaurant deliveries in cities. (Starship)

 

What grocery delivery changes

Grocery delivery is a different business from campus food delivery. A college order might be a sandwich, a soda or a late-night snack. A grocery run can involve heavier items, more frequent routes and customers who expect reliability every time. If Starship can make that work, the payoff could be huge. Grocery stores want cheaper local delivery. Customers want speed without sky-high fees. Cities want fewer cars clogging short delivery routes.

Starship says the global food delivery market is now worth $650 billion and needs delivery systems with higher autonomy levels. The company also says it has completed more than 10 million deliveries, which gives it a sizable head start in the sidewalk robot category.

However, the public will need convincing. People may welcome a robot bringing milk and eggs on a rainy night. They may also get annoyed if that same robot blocks a sidewalk during the morning rush. That will all decide whether sidewalk robots become normal or face more local limits.

 

Why Estonia still matters to Starship

Starship was founded in Tallinn, Estonia, in 2014 by Ahti Heinla and Janus Friis. Estonia remains home to the company’s core engineering and AI development team. That is important because this shift is not only about where the robots operate.

Advertisement

 

The big question for robot delivery

Starship’s move shows where the delivery robot business is headed. College campuses helped make the robots likable. Grocery delivery may determine whether they become profitable. Still, the sidewalks belong to the public. That means companies need more than clever machines. They need trust, clear rules and designs that respect people who move through cities in different ways.

A delivery robot should never make a sidewalk harder to use for someone with a cane, stroller or wheelchair. It should not turn public space into an obstacle course. If companies want these robots to feel normal, they need to prove they can operate without making daily life more frustrating.

ARE HUMANOID ROBOTS NOW COMING FOR RETAIL JOBS?

Starship says grocery delivery demand is pushing its robot fleet from college campuses into urban neighborhoods. (Starship)

 

What this means to you

You may start seeing more delivery robots near grocery stores, restaurants and apartment-heavy neighborhoods. If that happens, pay attention to how they behave in your area. Look for whether they yield to pedestrians, avoid curb ramps and handle crowded sidewalks well. Also, check whether your city has rules for personal delivery devices. Some places allow pilot programs, while others limit where these robots can operate.

Advertisement

If a robot causes a problem, document it safely. Take a photo or video, note the location and report it to your city or the delivery company. That is important because local officials need real examples, not vague frustration, when they decide what rules should apply. There is also a privacy angle. These robots use sensors and cameras to navigate. Companies may say the data supports safe operation, but you still deserve clear answers about what gets collected, how long it is kept and whether law enforcement can request it.

 

Watch the CyberGuy Live replay: Lock Down Your Phone in 30 Minutes

Your phone holds your email, passwords, photos, banking apps and personal data. In this free CyberGuy Live replay, Kurt the CyberGuy walks you step by step through simple phone security fixes you can do at your own pace. You’ll learn how to improve your privacy settings, spot the latest phone scams, use trusted security tools and walk away with a simple checklist to stay protected. Watch the replay and get our checklist here: CyberGuyLive.com

 

Kurt’s key takeaways

Starship’s campus exit feels like the end of a quirky era, especially for students who got used to seeing the little robots rolling around campus. But this shift also tells us something bigger about where autonomous delivery is going. The next battle will happen on city sidewalks, not college campuses. If these robots save money and reduce short car trips, they could become very useful. But if they crowd walkways or create safety headaches, people will push back hard. To me, the real test is pretty clear. Robot delivery needs to work for everyone on the sidewalk, including people who never ordered anything.

CLICK HERE TO DOWNLOAD THE FOX NEWS APP

Would you be ok with a delivery robot on your block, or would you rather keep your sidewalks robot-free? Let us know by writing to us at CyberGuy.com.

Advertisement

Sign up for my FREE CyberGuy Report

  • Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox.
  • For simple, real-world ways to spot scams early and stay protected, visit CyberGuy.com trusted by millions who watch CyberGuy on TV daily.
  • Plus, you’ll get instant access to my Ultimate Scam Survival Guide free when you join.

Copyright 2026 CyberGuy.com. All rights reserved.

Continue Reading

Technology

America’s greatest idea is still under threat

Published

on

America’s greatest idea is still under threat

The United States of America recently turned 250 years old. What a spectacle! The fireworks were amazing, and millions of proud people celebrated across the nation — even around the world. France lit up the Eiffel Tower; Japan had fireworks. French fighter jets flew above New York City with trails of red, white, and blue — our first major ally streaking our shared colors through the sky. Meanwhile, shameful white nationalists paraded through our nation’s capital. This has always been a country of paradoxes.

Our 250th birthday counts back to the Declaration of Independence in 1776. The declaration was a radical and astonishing document that still serves as America’s soul. But the beating heart of the nation wouldn’t come until more than a decade later, when the Constitution was ratified. That document is why I’m able to write this to you today. And we need you to help protect it.

The First Amendment to the Constitution is so potent that people across the world who live in places untouched by US law often seem to think they have the same rights it establishes. The First Amendment is our day-one theory of what makes a free society. It’s literally the first cure by the framers for a project they knew would be forever imperfect and incomplete — fixable only by way of the right to free expression.

The Verge exists today because of this great project. We believe in it deeply. The First Amendment affords us the knowledge that we’re likely free from imprisonment from expressing our freedom to speak. But journalism and speech are always under assault. It’s one of the reasons why we’ll always need lawyers despite likely having the strongest editorial ethics policy in the industry.

Here’s what the First Amendment says:

Advertisement

Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances.

This is a compelling and beautiful idea. But we’ve had to fight to keep it alive from the beginning..

John Adams, one of the fiercest revolutionaries who railed against British tyrrany and helped secure independence, completely fucked up the First Amendement when he became the second US president. Adams’ series of Alien and Sedition Acts of 1798 look positively Trumpian in retrospect, railing against foreigners, expanding presidential power to arrest, imprison, or deport people, and perhaps most insidiously, making it a crime for American citizens to print “scandalous and malicious” writings against the government. Adams surely loved the country he created, but nonetheless shrunk before the magnitude of its liberties.

Fast-forward to World War I, when the First Amendment was again under attack, this time by the Supreme Court. The court’s awful decision under Oliver Wendell Holmes was later overturned, but its fearful message about free speech still sticks with us. You’ve probably heard the phrase “you can’t shout ‘fire’ in a crowded theater” — not actually true. The misquoting and misinterpretation here is darkly funny: Trevor Timm, in The Atlantic, notes the court decision the phrase refers to was actually about whether an American socialist “could be convicted under the Espionage Act for writing and distributing a pamphlet that expressed his opposition to the draft.” It almost sounds ripped from contemporary headlines. (Nearly a century later, the Espionage Act would be used again to target, this time, a New York Times journalist.)

Misunderstandings about the First Amendment still abound. On the front lines we most readily see it in police confrontations where armed agents of the state bungle their constitutional duties with disastrous results.

Cops are routinely so terrible at understanding America’s foundational law that there’s now a cottage industry of streamers and influencers who work as “First Amendment auditors” — people who intentionally flex their right to record in public to bait dummies into abridging their freedom of speech. It’s easy to go down TikTok rabbit holes where you’ll find someone recording an illegal traffic stop from inside their car, or a fully kitted streamer recording harassment on a public sidewalk. When the police inevitably show up to hassle someone for exercising their rights, the stakes are immediately raised.

Advertisement

In a best-case scenario, a higher-ranking cop arrives and dispels their colleagues’ unconstitutional conduct. In other cases, someone ends up getting detained or arrested for completely protected behavior.

It’s even worse than usual in 2026, because we now live under an administration that’s flooding cities with barely trained federal agents who see constitutionally protected behavior as a threat. This has resulted in deaths, assaults on reporters, and an untold broader cost of regular people having to endure the immense burden of confronting the justice system simply for doing things they have the fundamental right to do. The right to speak and assemble is especially valid when it’s in protest of the government. That’s the whole point of this thing! And yet.

The latest assaults on the First Amendment have been encouraged by people all the way up the chain of command. We’re being betrayed by officials who are supposed to protect us, people who swore an oath to the Constitution and ought to know better. The FCC is not supposed to regulate speech but has nonetheless become a nightmare of incompetence and civil rights suppression. Do you miss Stephen Colbert on The Late Show? Thank the Trump administration, which now operates a mob-like patronage system that has cowed the billionaire princes who own America’s broadcast networks. Or ask Jimmy Kimmel, who got kicked off the air after conservatives went nuclear over his tame remarks about Charlie Kirk, a man who spent his time poisoning our national discourse with none of the grace or wit employed by national talk show hosts.

The Trump regime in general has an incredibly disturbing record on free speech, from science to the operations of the largest social networks. Donald Trump rails against anyone who doesn’t bow to him, and the list of his victims is too long to enumerate. But here’s an important one: The president once threatened to jail Meta CEO Mark Zuckerberg for life. Zuckerberg is far more wealthy and powerful than Trump in many respects, but what did he do? Two years after the threat, Zuckerberg showed up on the White House lawn to celebrate Trump’s insane UFC fight show. He tapped out against a bully.

This is what makes everything really messy. We live in an age dominated by communication platforms that are so wealthy, powerful, and pervasive that they seem practically unrestrained by the US government, but paradoxically must still cozy up to a regime that has no actual respect for them or for their free speech. Trump once threatened to blow up the entire internet because he wanted platforms to censor things to his advantage. The CEOs of those companies still indulge him with flattery and photo ops.

Advertisement

This blurring of public and private interests has fueled a funhouse-mirror idea of “free speech culture” that’s actually designed to crack down on free speech. The loudest people crying about free speech culture do so as if theirs is not the freest ever in history, while simultaneously supporting actual government censorship, like banning books.

I can’t say it better than Ken White has, so just go read him on this point. White explains how “free speech culture” has emboldened the Trump admin and others to engage in real censorship. “When enough people think that all of free speech—including free speech law—is bullshit, then free speech rights won’t be enforced,” he writes.

Our constitutional punchbowl has been spiked by madmen who profit from confusion about our rights and the rule of law. It doesn’t have to be this way. Just remember: The First Amendment is a restraint on the government that prevents it from prohibiting your speech.

Moreover: Actual censorship is government suppression of speech. It’s entirely understandable that we’re confused about what censorship is because of how hard many people have worked to keep us confused. A social media platform moderating your post is not censorship — it’s actually free speech. Yes, that sounds completely counterintuitive, but it’s true. The alternative is a situation where the government forces private citizens to publish things they don’t want to, including hate speech.

Much was unsaid here, including the history of immense pain and suffering that has kept the First Amendment and our broader rights alive. I won’t claim to know what the fix is for our current mess, but I’ll say I really hate when our leaders say things like “this is not who we are” when they talk precisely about the things that define who we are. And part of who we are is a coalition that claims to want free speech in theory while simultaneously suppressing it in practice.

Advertisement

So what can you do? Yes, of course, vote. But there’s much more to do. Write or call your congresspeople (I promise this does matter). Participate in local elections, especially for school boards, which are on the front lines of book banning. And if you’re reading this, thank you for subscribing — but consider also supporting other newsrooms.

Follow topics and authors from this story to see more like this in your personalized homepage feed and to receive email updates.

Continue Reading
Advertisement

Trending