Careful! That calendar notification could be loaded with malware - here's how to stay safe

1. Pro
2. Security

Careful! That calendar notification could be loaded with malware - here's how to stay safe News By Sead Fadilpašić published 1 December 2025

Calendar invitations should be treated as emails, researchers say

Comments (0) ()

When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.

(Image credit: Shutterstock/ACTS_DATA STOCK)

• Calendar subscriptions can be hijacked, injecting phishing links or malware into user schedules
• Bitsight found 347 domains affecting around 4 million devices, mostly in the United States
• Not a bug, but risky functionality; users must manage subscriptions carefully

A convenient feature in popular calendar applications can be abused to trick people into clicking on malicious links or giving away sensitive information, researchers are saying.

Most popular calendar apps allow users to subscribe to external calendars, allowing third parties, such as businesses or organizations, to add events directly into the subscribers’ schedule. That can be pretty much anything, from discounts and sales events to public events, holidays, and more.

However, if a business shuts down, or their domain expires, the calendar subscription does not expire with it. If a cybercriminal manages to obtain the domain, they can add events directly into people’s calendars, including links to phishing pages, or sites hosting malware. The same goes for businesses whose infrastructure was hijacked or hacked into.

You may like

• Apple users beware - hackers crack iCloud Calendar invites to sneak malware onto your system, here's how to stay safe
• Watch out, these malicious Android apps have been downloaded 42 million times - and could leave you seriously out of pocket
• Microsoft's branding power is being used by criminals to funnel victims to tech support scam centers - here's what you need to know

Risky business

This is according to security researchers Bitsight who claim this is a real problem, currently affecting around four million devices, as the attacks abuse the trust people have in different brands and organizations.

“Our research began with a single domain that we sinkholed, recording 11,000 unique IP addresses per day,” the experts said.

“This domain functioned as a server for a subscribed calendar that distributed German public and school holiday events, and that got our attention. Why would a domain for German holidays, with .ics files, be available?”

They ended up discovering 347 domains, including FIFA 2018 events, Islamic Hijri calendars, and others, connected to approximately four million unique IP addresses, most of which were located in the United States.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Contact me with news and offers from other Future brandsReceive email from us on behalf of our trusted partners or sponsorsBy submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over.

Bitsight stresses that this is not a vulnerability or a bug in the calendar apps. It is merely a functionality that inherently comes with risks, and as such, they should be managed by the end users. They also said that the four million possible targets is a severe understatement, since it only covers a fraction of the iPhone ecosystem and doesn’t even include Android.

The best antivirus for all budgetsOur top picks, based on real-world testing and comparisons

➡️ Read our full guide to the best antivirus1. Best overall:Bitdefender Total Security2. Best for families:Norton 360 with LifeLock3. Best for mobile:McAfee Mobile Security

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.

TOPICS Malware Sead FadilpašićSocial Links Navigation

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.

Logout Read more Apple users beware - hackers crack iCloud Calendar invites to sneak malware onto your system, here's how to stay safe    Watch out, these malicious Android apps have been downloaded 42 million times - and could leave you seriously out of pocket    Microsoft's branding power is being used by criminals to funnel victims to tech support scam centers - here's what you need to know    Watch out - this fake Microsoft Teams app is actually dangerous malware, here's how to stay protected    Microsoft Teams guest access could let hackers bypass some critical security protections    Excited for your Christmas bonus? So are scammers - so make sure you check your emails carefully    Latest in Security South Korean ecommerce giant Coupang suffers huge data breach - over 33 million accounts affected, here's what we know    Android malware Albiriox abuses 400+ financial apps in on-device fraud and screen manipulation attacks    Security researcher uncovers 17,000 secrets in public GitLab repositories    Millions of footballers see info leaked after French Football Federation suffers data breach    Tor adds another layer to the onion with a new relay encryption algorithm - boosting resilience and security across the board    Take extra care shopping for Black Friday deals - experts find thousands of fake websites looking to steal your details    Latest in News Yahoo and AOL mail are down for many – here's what we know about the outage    How to watch Dating Apps: The Inside Story online — it's *FREE* on BBC iPlayer    Windows 11 bug causes password sign-in icon to turn invisible somehow    Shopify is down – here's what we know about its Cyber Monday outage    Holafly debuts its one-of-a-kind eSIM Global Data plan that comes with a phone number    GTA 6 leak supposedly from former Rockstar animator drops new content clues    LATEST ARTICLES

1. 1Age verification or censorship? Missouri's new rules are age-gating way more than adult sites
2. 2Yahoo and AOL mail are down for many – here's what we know about the outage
3. 3Holafly debuts its one-of-a-kind eSIM Global Data plan that comes with a phone number
4. 4Windows 11 bug causes password sign-in icon to turn invisible – but don't worry, Microsoft reassures, just keep clicking, and you'll find it
5. 5South Korean ecommerce giant Coupang suffers huge data breach - over 33 million accounts affected, here's what we know