Promptware Leveraged Google Calendar Invites in Credential Harvesting Campaign

What happened

Security researchers from ReversingLabs have uncovered a malicious campaign in which threat actors used Google Calendar invites created by a service called Promptware to distribute credential harvesting links. According to the report, the campaign involved automated creation of calendar events that included URLs pointing to phishing pages designed to collect login credentials from unsuspecting recipients. These invites were sent to large numbers of users, and because they originated from legitimate calendar infrastructure, recipients often saw them in their Google Calendar interfaces without triggering typical email-based phishing filters. Users who clicked the links in the event details were directed to fake login portals where credentials could be captured by the attackers. Researchers noted that the use of authentic Google Calendar invites enabled the distributors to evade some traditional security controls and improved the likelihood of users interacting with the malicious content.

Who is affected

Users who received and interacted with the malicious Google Calendar invites are affected, as clicking the embedded links and entering credentials on the phishing pages can result in unauthorized account access.

Why CISOs should care

The abuse of trusted collaboration and scheduling platforms like Google Calendar to deliver credential harvesting lures shows how threat actors are exploiting diverse communication channels to bypass traditional email-centric defenses and reach users through other trusted workflows.

3 practical actions

  • Audit calendar integrations. Review third-party services that can create events on behalf of users to detect unauthorized invite generation.
  • Monitor for unsolicited invites. Detect spikes in calendar events with links that originate from outside known internal sources.
  • Educate users on invite safety. Inform stakeholders about the risks of clicking links embedded in unsolicited meeting invitations.
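
One way to implement the "monitor for unsolicited invites" action, as an added example that is not from the original article or the ReversingLabs report. The record fields, the internal domain list, and the hourly threshold are assumptions, and the sample events are constructed.

```python
import re
from collections import Counter
from datetime import datetime
from urllib.parse import urlsplit

INTERNAL_DOMAINS = {"example.com"}  # assumption: the organisation's own domains
SPIKE_THRESHOLD = 3                 # assumption: flagged invites per hour that count as a spike
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

# Constructed sample records (hypothetical export of calendar events).
EVENTS = [
    {"organizer": "alice@example.com", "created": "2025-01-06T09:02:00", "description": "Standup https://meet.example.com/abc"},
    {"organizer": "noreply@scheduler.example.net", "created": "2025-01-06T10:05:00", "description": "Verify your account: https://login.example.org/verify"},
    {"organizer": "noreply@scheduler.example.net", "created": "2025-01-06T10:11:00", "description": "Action required https://login.example.org/reset"},
    {"organizer": "noreply@scheduler.example.net", "created": "2025-01-06T10:40:00", "description": "Payroll update http://portal.example.org/pay"},
    {"organizer": "partner@example.net", "created": "2025-01-06T14:30:00", "description": "Quarterly review, agenda attached"},
    {"organizer": "partner@example.net", "created": "2025-01-06T15:00:00", "description": "Notes: https://wiki.example.com/q3"},
]

def is_internal_host(host):
    """True when host is an internal domain or one of its subdomains."""
    return any(host == d or host.endswith("." + d) for d in INTERNAL_DOMAINS)

def external_link_events(events):
    """Events created by an outside organizer that carry a link to an outside host."""
    flagged = []
    for ev in events:
        organizer_domain = ev["organizer"].rsplit("@", 1)[-1].lower()
        if is_internal_host(organizer_domain):
            continue
        hosts = {urlsplit(u).hostname or "" for u in URL_RE.findall(ev["description"])}
        outside = sorted(h for h in hosts if h and not is_internal_host(h))
        if outside:
            flagged.append({**ev, "link_hosts": outside})
    return flagged

def spike_hours(flagged, threshold=SPIKE_THRESHOLD):
    """Hours (YYYY-MM-DDTHH) in which flagged invites reached the threshold."""
    per_hour = Counter(datetime.fromisoformat(ev["created"]).strftime("%Y-%m-%dT%H") for ev in flagged)
    return {hour: n for hour, n in per_hour.items() if n >= threshold}

if __name__ == "__main__":
    hits = external_link_events(EVENTS)
    for ev in hits:
        print(ev["created"], ev["organizer"], ev["link_hosts"])
    print("spike hours:", spike_hours(hits))
```
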

John Kevin Hao is a news and feature writer covering cybersecurity, technology, and business targeted for professional audiences.