According to Foresight News, the SlowMist security team has discovered that a hacker group is exploiting the Calendly app's features to launch phishing attacks by inserting malicious links into event pages using the 'Add Custom Link' function. Calendly is a popular free calendar application used for scheduling meetings and events, often utilized by organizations for booking activities or sending invitations to upcoming events. The hacker group's malicious links blend well with the daily work background of most victims, making them less suspicious and more likely to be clicked on inadvertently, leading to the downloading and execution of malicious code and subsequent losses.
The SlowMist security team advises users to be cautious when using Calendly and to pay attention to the source and domain of any links on the interface to avoid falling victim to attacks. Before clicking on a link, users can hover their mouse over the text, which will display the corresponding link address in the bottom left corner of the browser. Carefully check the link address before clicking to avoid accessing phishing links.