Technology
How crypto imposters are using Calendly to infect Macs with malware
A new hacking threat is targeting crypto users via Calendly, a popular meeting-scheduling app. This is a serious issue that could compromise your security and privacy, so you need to be aware of how it works and how to protect yourself.
CLICK TO GET KURT’S FREE CYBERGUY NEWSLETTER WITH SECURITY ALERTS, QUICK VIDEO TIPS, TECH REVIEWS AND EASY HOW-TO’S TO MAKE YOU SMARTER
Calendly app (Calendly) (Kurt “CyberGuy” Knutsson)
Hackers are posing as crypto investors via Calendly
The way this particular threat works is rather straightforward, yet sneaky. To start, many people in the crypto world are seeking investments to support their crypto start-up ideas or something related.
People like this need to be active in crypto communities and investment spaces to connect with the right people to support them. It’s not uncommon for these people to have a link to schedule a meeting with them on their profile, via Calendly, a popular scheduling app not just for people in cryptocurrency but for anyone.
Calendly app (Calendly) (Kurt “CyberGuy” Knutsson)
How the hacker infiltrates the target’s device
Unbeknownst to the soon-to-be victim, these hackers are taking advantage of these individuals by posing as crypto investors, the exact kind of people these folks want to get in touch with. When they book a meeting on this person’s calendar, they add a meeting link that runs a script that installs malware on macOS systems.
A real-life example of how crypto impersonators lure victims
This happened to one unlucky person in this situation. The hacker reached out via Telegram – an encrypted messaging app – and asked about booking a meeting. The person sent the “investor” their Calendly link, and on the day of the meeting, went to the meeting link that the “investor” had added. In most cases, this is normal – a link to a Zoom or Google Meet is not unusual. And because the user had already spoken to the person via Telegram and seemed legitimate, there was no reason to think twice about this.
The sinister scheme was revealed when links failed
Only when the person went to click the link and when the “investor” didn’t show up, did he contact him on the same Telegram thread. The “investor” apologized for the inconvenience and sent a new link, explaining there was an issue with IT.
However, the link still did not work, and the meeting never happened, with the “investor” asking to reschedule. It dawned on the person a little afterward that this may have been a hack attack, via an Apple Script (file extension “.scpt”) that downloads and executes a malicious Trojan made to run on macOS systems.
Hacker Google Meet request (SlowMist) (Kurt “CyberGuy” Knutsson)
MORE: STEALTHY BACKDOOR MAC MALWARE THAT CAN WIPE OUT YOUR FILES
How quick action foiled a Mac malware attack
Because the person who was the target of this attack promptly backed up their data upon realizing the attack, it prevented the loss of evidence regarding the actual malware downloaded onto their macOS. Cybersecurity firms were able to analyze the script information, which led them to identify similarities with previous attacks carried out by the same group and warn the public.
Security alert (SlowMist) (Kurt “CyberGuy” Knutsson)
MORE: HOW TO PROTECT YOUR MAC FROM THE NEW METASTEALER MALWARE
The perpetrators are a hacker group from North Korea
A cybersecurity firm discovered a phishing attack in 2023 that was carried out by state-sponsored hackers from North Korea, specifically a subgroup of the notorious Lazarus group. This group typically targets financial gains, aiming to steal money or cryptocurrency to fund the North Korean military regime.
In this particular attack, the North Korean hackers exploited the “Add Custom Link” feature within the Calendly meeting scheduling system on event pages to insert malicious links and initiate phishing attacks. They also employ similar tactics on Telegram.
This incident underscores the importance of vigilance and robust security measures to safeguard against cyberthreats, especially those originating from state-sponsored actors.
Add Custom Link feature (SlowMist) (Kurt “CyberGuy” Knutsson)
Calendly’s response to malware attacks
We reached out to Calendly, and their CISO (chief information security officer), Frank Russo, provided us with this statement.
“We’re aware of these types of social engineering attacks by cryptocurrency hackers. This attack violates our Terms of Use, and accounts are immediately terminated when discovered or reported. To help prevent these kinds of attacks, our security team and partners have implemented a service to automatically detect fraud and impersonations that could lead to social engineering. We are also actively scanning content for all our customers to catch these types of malicious links and to prevent hackers earlier on. Additionally, we intend to add an interstitial page warning users before they’re redirected away from Calendly to other websites.”
How to protect yourself against cyberthreats
MacOS users tend to experience fewer malware attacks than PC users. But this idea can make MacOS users more vulnerable to attacks because they may feel they are simply safe. Because hackers are getting more and more sophisticated, it’s important never to let your guard down and to follow these precautions.
Be cautious with links: If you receive a Calendly link from an unfamiliar sender, refrain from clicking on any embedded links, even if the sender appears trustworthy. Additionally, exercise vigilance when dealing with phishing emails or messages related to crypto exchanges or wallets, as they may contain malicious attachments or links with malware. When using Calendly, take note of the source and domain of any links you encounter on the interface. Before clicking, hover your mouse over the text to verify the link address and avoid accessing potentially harmful phishing links.
Send meeting links yourself: Whenever possible, send the meeting link directly to the person scheduling the call. This minimizes the risk of accidentally clicking on malicious links.
Have good antivirus software: The best way to protect yourself from clicking malicious links that install malware that may get access to your private information is to have antivirus protection installed on all your devices. This can also alert you of any phishing emails or ransomware scams. Get my picks for the best 2024 antivirus protection winners for your Mac, Windows, Android & iOS devices.
Perform regular updates: Regularly update your operating system and security software to stay ahead of potential vulnerabilities.
Have strong passwords and use two-factor authentication: Using the same password across multiple platforms will always make you more vulnerable because if one account gets hacked, they all get hacked. And two-factor authentication is just an extra shield that will prevent a hacker from getting into your accounts. Make sure to use a password manager to keep track of all your passwords.
Person typing on a laptop (Kurt “CyberGuy” Knutsson)
MORE: DON’T FALL FOR THESE SNEAKY TAX SCAMS THAT ARE OUT TO STEAL YOUR IDENTITY AND MONEY
Kurt’s key takeaways
As long as there is money and information to steal online, hackers will stop at nothing to trick innocent people into downloading malware onto their devices. So, stay up to date with the latest threats so that you can ensure you’re doing everything to protect yourself.
Have you encountered suspicious meeting requests via Calendly or other scheduling apps? Do you think the app companies should do more to verify the authenticity of such links? Let us know by writing us at Cyberguy.com/Contact.
For more of my tech tips & security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.
Ask Kurt a question or let us know what stories you’d like us to cover.
Answers to the most asked CyberGuy questions:
Copyright 2024 CyberGuy.com. All rights reserved.
When Oregon resident Isabelle Reksopuro heard Google was gobbling up public land to fuel its data centers in her home state, she didn’t initially know what to believe. “There’s a lot of misinformation about data centers,” she said. “Google has denied taking that land.”
Technically, she explains, The Dalles, a city near the Washington state border, sought to reclaim that land, “and Google is just a big, unnamed power user.” The city had in fact asked for ownership of a 150-acre portion of Mount Hood National Forest, claiming it needs access to Mount Hood’s watershed to meet municipal needs as its population — 16,010 as of the 2020 census — grows. But critics, including environmentalists, say the city is trying to secure more water for Google, which has a sprawling data center campus in The Dalles that already consumes about one-third of the city’s water supply.
This controversy made Reksopuro curious about the backlash to data centers being built in other communities. So Reksopuro, a student at the University of Washington who studies the connections between tech and public policy, decided to map it out. Using information collected by Epoch AI and data scraped from legislation on data centers, she built an interactive map tracking AI policy around the world. She designed it to be simple enough for anyone to use. “I wanted it to be something that my younger sisters could play through and explore to understand what are the data centers in the area and what’s actually being done about it,” Reksopuro said. She hoped to shift their opinions that way, “instead of like, through TikTok.”
Four times a day, the map searches for new sources and checks them against the existing database Reksopuro built out. “Once it does that, it will write a new summary, add it to the news feed, and populate it on the sidebar,” she said. “I wanted it to be self-updating, since I’m also a student.”
Reksopuro isn’t against data centers, but she thinks tech giants benefit from a lack of transparency around data center policies. “Right now, it’s this really opaque thing — and all of a sudden, there’s a facility,” she said. “I think that if people knew about data centers beforehand, it would give them leverage. They would be able to negotiate: ask for job training programs, tax revenue, environmental monitoring, things to improve their community.”
UCF commencement speaker Gloria Caulfield (University of Central Florida via Storyful)
NEWYou can now listen to Fox News articles!
Welcome to Fox News’ Artificial Intelligence newsletter with the latest AI technology advancements.
IN TODAY’S NEWSLETTER:
– UCF graduates clobber commencement speaker with boos after she says AI is the ‘next Industrial Revolution’
– OPINION: DIRECTOR KASH PATEL: We brought the FBI out of the past and into the AI age
– OpenAI backs creation of global AI governance body led by the U.S. that would include China as a member
TOUGH CROWD: During a recent commencement ceremony at the University of Central Florida, a speaker was met with loud boos from the graduating class after declaring that artificial intelligence represents the next industrial revolution. Fox News Digital reporting captures this tense cultural moment, illustrating the mixed public sentiment and skepticism surrounding AI’s growing footprint in daily life.
A statue on the campus of the University of Central Florida in Orlando, Florida. (iStock)
BADGE MEETS BYTE: Reflecting on the modernization of national security in a Fox News op-ed, FBI Director Kash Patel explores how the bureau must adapt its strategies to address modern threats and advance beyond the artificial intelligence age.
TECH DIPLOMACY: OpenAI is throwing its support behind the establishment of a new global artificial intelligence governance organization that would be led by the United States while notably including China as a member. Fox News Digital reporting examines the geopolitical dynamics and regulatory implications of this proposed framework as global powers race to set the standards for AI development.
EQUITY ELEVATION: The massive wave of wealth generated by the explosive growth of ChatGPT and the broader AI industry is driving a sudden surge in the San Francisco Bay Area’s luxury real estate market. Fox News Digital reporting breaks down how the influx of new tech capital is reshaping local housing dynamics and fueling a high-end property frenzy.
FBI Director Kash Patel listened as Acting Attorney General Todd Blanche spoke during a press conference at the Department of Justice on April 28, 2026, in Washington, D.C. (Tasos Katopodis/Getty Images)
STRATEGY RESET: Tech giant Cisco is planning to eliminate thousands of jobs as the company shifts its primary focus to accelerate its artificial intelligence initiatives, a move that comes despite the company beating earnings expectations. Fox News Digital reporting details the corporate restructuring and broader economic trends pushing legacy tech firms to aggressively pivot toward AI.
ROAD HAZARD: Waymo is issuing a sweeping recall of its autonomous vehicle fleet following a concerning incident that highlighted significant safety issues with the self-driving technology. Fox News Digital reporting outlines the specifics of the recall, the nature of the safety flaw, and what this setback means for the future of fully autonomous transportation on public roads.
BOTS IN THE BAY: A newly developed, artificial intelligence-powered robot has been engineered to seamlessly change and balance vehicle tires without human intervention. Fox News Digital reporting showcases this latest innovation, exploring how automation and AI mechanics could soon revolutionize the automotive service and repair industry.
OpenAI CEO Sam Altman speaks during the 2026 Infrastructure Summit in Washington, D.C., on March 11, 2026. (Kylie Cooper/Reuters)
FOLLOW FOX NEWS ON SOCIAL MEDIA
YouTube
SIGN UP FOR OUR OTHER NEWSLETTERS
Fox News First
Fox News Opinion
Fox News Lifestyle
Fox News Health
DOWNLOAD OUR APPS
Fox News
FOX Business
Fox Weather
Fox Sports
Tubi
WATCH FOX NEWS ONLINE
Fox News Go
STREAM FOX NATION
Fox Nation
Stay up to date on the latest AI technology advancements and learn about the challenges and opportunities AI presents now and for the future with Fox News here.
Microsoft Edge is adding a new feature that will allow its Copilot AI chatbot to gather information from all of your open tabs. When you start a conversation with Copilot, you can ask the chatbot questions about what’s in your tabs, compare the products you’re looking at, summarize your open articles, and more.
In its announcement, Microsoft says you can “select which experiences you want or leave off the ones you don’t.” The company is retiring Copilot Mode as well, which could similarly draw information from your tabs but offered some agentic features, like the ability to book a reservation on your behalf. Microsoft has since folded these agentic capabilities into its “Browse with Copilot” tool.
Several other AI features are coming to Edge, including an AI-powered “Study and Learn” mode that can turn the article you’re looking at into a study session or interactive quiz. There’s a new tool that turns your tabs into AI-powered podcasts as well, similar to what you’d find on NotebookLM, and an AI writing assistant that will pop up when you start entering text on a webpage.
You can also give Copilot permission to access your browsing history to provide more “relevant, high-quality answers,” according to Microsoft. Copilot in Edge on desktop and mobile will come with “long-term memory” as well, which can tailor its responses based on your previous conversations. And, when you open up a new tab, you’ll see a redesigned page that combines chat, search, and web navigation, along with the Journeys feature, which uses AI to organize your browsing history into categories that you can revisit.
Meanwhile, an update to Edge’s mobile app will allow you to share your screen with Copilot and talk through the questions about what you’re seeing. Microsoft says you’ll see “clear visual cues” when Copilot is active, “so you know when it’s taking an action, helping, listening, or viewing.”
-
Education5 minutes agoUniversity of Chicago Makes Tuition Free for Families Making Under $250,000
-
Technology11 minutes agoUse this map to find the data centers in your backyard
-
World17 minutes agoNon-Jewish professor says he was fired for calling out Hamas supporters in online post
-
Politics23 minutes agoJordan grills Soros-backed DA Descano in heated spat over soft-on-crime policy: ‘This is almost laughable’
-
Health29 minutes agoExperimental obesity drug outperforms traditional weight-loss treatments in early research
-
Sports35 minutes agoLeBron James may be target of apparently leaked Drake song featuring ‘switching teams’ lyric
-
Technology41 minutes agoFox News AI Newsletter: Graduation speaker praises AI, gets instantly booed
-
Business47 minutes ago
LinkedIn, Cisco and Amazon are the latest tech companies laying off more workers
