Ddos 
Pushground selling calendar event space to promote a VPN | Image: Bitsight
A new investigation by Bitsight TRACE has uncovered a subtle yet scalable attack vector: malicious calendar subscriptions. Researchers found that dedicated infrastructure and expired domains are being used to push spam, phishing links, and potentially malicious commands to over 4 million iOS and macOS devices daily.
Unlike traditional email phishing, which users are trained to spot, calendar events exploit an inherent “misplaced trust” in system notifications.
The core of this threat lies in how devices handle calendar subscriptions. When a user subscribes to a calendar (often tricked by a deceptive pop-up or “captcha” check on a website), their device periodically syncs with the hosting domain to fetch new events.
Bitsight’s research sinkholed 390 such domains. They discovered that even if a legitimate calendar domain expires, it can be re-registered by attackers. Since subscribed devices continue to poll these domains forever, attackers can instantly push malicious events to millions of users without any further interaction.
“Once a calendar is subscribed to, the device will continue to automatically make sync requests to the domain, allowing cybercriminals to exploit ongoing calendar subscriptions to promote content to users without requiring any approval.“
Perhaps the most alarming evolution is the potential for “Promptware”. As AI assistants like Google Gemini increasingly integrate with personal data, they become vulnerable to indirect prompt injection.
Researchers demonstrated that an attacker could embed a malicious prompt within a calendar event description (e.g., a hidden jailbreak command). When a user asks their AI assistant, “What’s on my calendar today?”, the AI parses the malicious text, triggers the jailbreak, and could be manipulated into performing unauthorized actions like sending emails or deleting data.
“If a user were to ask their AI assistant (e.g., Gemini) to summarize upcoming events, the LLM would parse the calendar, trigger the crafted jailbreak, and potentially be exploited to perform malicious actions.“
This attack persists because users often don’t know they are subscribed.
Donate