Google Calendar Abused to Hide Stealthy NPM Malware

A newly discovered malicious package in the NPM ecosystem is leveraging Google Calendar as a covert communication channel, allowing attackers to evade traditional detection mechanisms. The malware uses the calendar service as a “middleman” to receive commands and exfiltrate data, masking its activity behind legitimate infrastructure.

In addition to this novel approach, the package employs Unicode steganography — a technique that hides data within Unicode characters — to further obscure its malicious code from static analysis and automated security tools. This dual-layered evasion strategy enhances the malware’s stealth, posing a significant challenge for developers and security teams.

The use of trusted cloud-based platforms like Google Calendar to facilitate malware operations reflects a growing trend in cyber threats exploiting widely used services. Security researchers are urging developers to audit dependencies and monitor unusual behaviors in their applications. The full details of the campaign, including its origin and scope, remain under investigation.

More information is available at SCWorld.com.