New Delhi, May 30, 2025 – Cybersecurity experts have uncovered a new wave of cyberattacks linked to a malicious software named TOUGHPROGRESS, engineered by the notorious hacker group APT41. This alarming malware campaign is reportedly targeting Google Calendar, exploiting the platform to infiltrate high-security systems, particularly government websites, and demand ransom in exchange for restored access.
The findings were revealed by cybercrime investigators working in collaboration with Google’s Threat Intelligence team, who have been monitoring the group’s activities since their first detected attack in October 2024.
How Hackers Are Using Google Calendar as a Weapon
According to Google’s internal cybersecurity division, the attackers are deploying a refined phishing technique. It begins with a deceptive email containing links to websites hosting infected ZIP files. These files, disguised as PDFs and images, trigger the TOUGHPROGRESS malware when opened.
Once active, the malware seeks out the user’s Google Calendar app, injecting malicious commands and even creating fake events embedded with hidden data. This not only allows attackers to siphon sensitive information but also gives them remote control of the compromised system.
APT41 has a known history of targeting Google services. In prior campaigns, the group used platforms like Google Drive and Sheets to distribute malware to government agencies.
Google’s Response and What Users Should Know
Google has confirmed the existence of this security threat but assures users that the Google Calendar-based vulnerability has been patched. The company has already notified potentially affected organizations and emphasized that the malware campaign is no longer active.
Still, the full scope of damage caused by APT41’s campaign remains unclear, as investigations continue.
Cybersecurity Tips from Google
To prevent falling victim to similar threats, Google recommends the following:
Avoid opening links or attachments from unfamiliar sources.
Regularly update systems and use trusted threat detection tools.
Monitor system access logs for suspicious activity.