APT41 Strikes Again: ToughProgress Malware Turns Google Calendar Into a Hacktivist’s Dream

APT41 has a new party trick: using Google Calendar for sneaky command-and-control operations with their malware, ToughProgress. By hiding behind a trusted service, they make it tough for security products to catch on. But Google played bouncer, booting them out and tightening the guest list for future events.

3P
Published: May 28, 2025 10:13 pmAdded: May 28, 2025 at 3:32 pmAssembled by: The Editor
Pro Dashboard

Hot Take:

Ah, the classic tale of hackers and their creative pursuits! This time, our villains have found a way to exploit Google Calendar, giving a whole new meaning to “save the date.” It’s like these cyber criminals are trying to organize the world’s most exclusive secret event, and only malware is invited. Next thing you know, they’ll be sending malware RSVPs for virtual parties. Talk about getting ghosted!

Key Points:

  • APT41 is using a new malware, ‘ToughProgress,’ to exploit Google Calendar for C2 operations.
  • Google’s Threat Intelligence Group discovered and dismantled the malicious infrastructure.
  • This isn’t the first time APT41 has manipulated Google services; they previously exploited Google Sheets and Drive.
  • The attack begins with a malicious email containing a ZIP file that includes a primary payload disguised as a JPG image.
  • Google has taken steps to prevent future abuses, including updating their Safe Browsing blocklist.

Membership Required

 You must be a member to access this content.

View Membership Levels
Already a member? Log in here
The Nimble Nerd
powered by the NSA, er,  GDPR Cookie Compliance
Confessional Booth of Our Digital Sins

Okay, deep breath, let's get this over with. In the grand act of digital self-sabotage, we've littered this site with cookies. Yep, we did that. Why? So your highness can have a 'premium' experience or whatever. These traitorous cookies hide in your browser, eagerly waiting to welcome you back like a guilty dog that's just chewed your favorite shoe. And, if that's not enough, they also tattle on which parts of our sad little corner of the web you obsess over. Feels dirty, doesn't it?