Can you get hacked via your calendar?

Malicious software reinvents itself every day, breaking down its components to the bare minimum or hiding its traffic in the most unexpected places, like DNS records.

We decided to take it a step further and created MFT, a malware strain that abuses distributed systems like Codex, Cloudflare R2 buckets, IPFS and even Google Calendar, to demonstrate how far this can go.

To the outside world, all traffic seems to originate from reputable, legitimate services, but behind the curtain, something far more evil is going on.

Here’s our talk at the Data Duplication Village at DEF CON 33, hope you enjoy it!