Receiving an email with a calendar link to a meeting is now commonplace, but you might want to think twice before clicking on it. That's because hackers have begun using calendar invitations and meeting links to infect unsuspecting users with Mac malware.

As reported by Krebs On Security, cybercriminals are now exploiting the popular scheduling tool Calendly to commit fraud. Like other malware campaigns, this one uses social engineering to find potential targets, but instead of withdrawing funds from bank accounts, it goes after cryptocurrency.

Still, the hackers behind this campaign can pivot to target other types of accounts by using another Mac malware strain. Here is everything you need to know about how this scam works and how to protect yourself and your Apple devices from Mac malware.

Krebs On Security covered this scam firsthand after one of our readers described how he fell for it.

In this campaign, the hackers behind it impersonate cryptocurrency investors and ask you to book a video call. However, this lure can easily be diverted to target other groups of potential victims.

The attack itself began when readers were contacted via Telegram by scammers who wanted to invest in their startup. However, everything seemed fine and they shared Calendly's profile with the scammers.

When it came time for the meeting, the reader clicked on the meeting link, but nothing happened. They contacted the scammer and explained that there was a problem with the video platform. Fortunately, however, their IT person had created another meeting link.

Certainly this should raise suspicion, but the reader clicked on the link without thinking. However, instead of opening the video conferencing app, a message appeared on the Mac saying that the video service was experiencing technical problems. The message also mentioned a script that could be run as a temporary solution to these problems.

By running the script, the reader unwittingly infected their Mac with a dangerous Trojan horse designed to siphon personal and financial data from the device. Unfortunately, the type of Mac malware used in this attack is not known.

As with the best Windows laptops, be especially careful when dealing with links and messages from unknown senders on a MacBook. Hackers use every trick in the book to ensure that phishing emails go undetected.

As a rule of thumb, always hover the mouse cursor over a link to verify the link before clicking on it. Likewise, you can copy the link and paste it into a text editor for further examination. This is because they may be misspelling a popular site and directing you to a phishing page. At the same time, beware of shortened links. This is because, unlike normal links, the destination of the link is not obvious at first glance. For this purpose, it is necessary to use a URL expander service.

In the above scenario, however, you should not run a script on your Mac that was sent to you by someone you do not know personally. Still, for most people, it is best to avoid installing scripts on a Mac altogether.

Macs have built-in malware protection in the form of Apple's own XProtect, but along with that, it might be a good idea to consider installing one of the best Mac antivirus software solutions. In addition, many Mac antivirus products come with additional security tools such as password managers and VPNs.

The days of being safe from malware if you use a Mac are officially over. But by improving your cyber hygiene and thinking before you click, you can avoid falling victim to a nasty malware infection.