Hacker groups are now eyeing your Google Calendar to bypass device security and steal information. They have devised dangerous malware called TOUGHPROGRESS that primarily targets government websites and holds them to ransom in exchange for restoring access.
This is not the first sighting of the malware, and the Google Threat Intelligence team claims the first incident involving the APT41 hacking group was reported back in October 2024. Now, the same group is exploiting the Calendar app to breach system defenses and attack victims.
New Google Calendar Malware Issue: How It Works
Details from the cyber security group at Google suggest that the malware is delivered to targeted systems using the conventional phishing email method. The group sends a targeted email with the objective of getting the victim to open the affected website, where a malicious ZIP file containing a PDF and fake images triggers the malware into action.
Once the TOUGHPROGRESS malware bypasses all the checks, it tries to access the victim's Calendar app, not only to steal data but also to take control of the system by sending commands. The fake Calendar app also creates events with data embedded into them.
This isn’t the first Google product to be targeted by the hacker group. The APT41 group used Google Drive to inflict similar attacks on government entities using Google Sheets and more.
Not In Danger
Google is aware of these exploits and assures users that the hacking group's methods have been handled, as the Calendar app attack is no longer active. The company has even informed the businesses that might have been targeted by this malicious campaign. However, Google is finding it hard to ascertain the level of damage the APT41 hacking group might have inflicted to date.
Google has strong advice for people to avoid falling prey to these attacks:
Expect more details from Google once the severity and impact of the malware campaign are addressed and rectified.