This Google Drive security flaw can allow attackers to add infected files inside ones that are already shared with users.
The issue, which resides in the “manage versions” functionality of Google Drive, can allow attackers to distribute malicious files disguised as documents or images. This method provides the opportunity to perform a spear-phishing attack that eventually places malicious code on the system.
The feature that contains this security bug was created for managing and uploading different versions of a file. It allows users to see changes made to a file in Drive and keep track of the people who changed anything. Editing or commenting in Google Docs, renaming files or folders, moving data around, or removing files entirely all show up there.
System administrator Nikoci told news sources that hackers who aim to distribute malicious files can misuse this vulnerability in Google Drive. According to him, Google has already been informed about the security bug. The company has patched similar security flaws in its products in the past.
The serious issue starts with filetype details
What various researchers noted after the discovery is a problem with how the function handles file formats. It was believed that the functionality only allows a file to be updated with a new version that has the same file extension, but it seems that the Google Drive manage versions function does not enforce that. Users can upload a new version of a file or folder in Drive with any file extension. This means that a malicious executable can also be uploaded to the cloud storage.
Some demonstration videos show a legitimate version of a document or image being shared with users and then replaced with a malicious one. This change might not trigger an alert or raise many questions, but once the file gets downloaded, it infects the targeted system with malware. This method can be used to distribute all sorts of dangerous infections.
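A defender can look for this pattern in a shared file's version history. The following is an added example, not code from the article or from Google: it assumes the revision metadata has been exported in the shape of the Drive API v3 `revisions.list` response (fields `id`, `mimeType`, `originalFilename`, `modifiedTime`), and the sample records and the `audit_revisions` helper are constructed for illustration.

```python
import os

# Extensions treated as directly executable on a typical Windows endpoint
# (an illustrative list, not an exhaustive one).
RISKY_EXTENSIONS = {".exe", ".scr", ".bat", ".cmd", ".js", ".vbs", ".msi", ".ps1"}

# Constructed sample shaped like Drive API v3 revisions.list output; not real data.
SAMPLE_REVISIONS = [
    {"id": "1", "mimeType": "application/pdf",
     "originalFilename": "report.pdf", "modifiedTime": "2020-08-01T10:00:00Z"},
    {"id": "2", "mimeType": "application/pdf",
     "originalFilename": "report_v2.pdf", "modifiedTime": "2020-08-03T09:30:00Z"},
    {"id": "3", "mimeType": "application/x-msdownload",
     "originalFilename": "update.exe", "modifiedTime": "2020-08-05T22:15:00Z"},
]

def _ext(name):
    """Lower-cased extension of a file name, '' when there is none."""
    return os.path.splitext(name or "")[1].lower()

def audit_revisions(display_name, revisions):
    """Flag revisions whose uploaded type differs from what the shared file shows."""
    ordered = sorted(revisions, key=lambda r: r["modifiedTime"])
    if not ordered:
        return []
    shown_ext = _ext(display_name)                  # what recipients see in Drive
    baseline_mime = ordered[0].get("mimeType")      # type of the first upload
    findings = []
    for rev in ordered:
        reasons = []
        rev_ext = _ext(rev.get("originalFilename"))
        if rev_ext != shown_ext:
            reasons.append("extension_mismatch")
        if rev.get("mimeType") != baseline_mime:
            reasons.append("mime_changed")
        if rev_ext in RISKY_EXTENSIONS:
            reasons.append("executable_extension")
        if reasons:
            findings.append({"revision": rev["id"],
                             "uploaded_as": rev.get("originalFilename"),
                             "reasons": reasons})
    return findings

if __name__ == "__main__":
    for finding in audit_revisions("report.pdf", SAMPLE_REVISIONS):
        print(finding)
```
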
Cloud services – attractive targets for hackers
Such spear-phishing attacks can be highly effective and widespread, so cloud services like Google Drive often get exploited for malware distribution. Typically, such phishing attacks target users and try to trick them into opening malicious attachments or visiting dangerous sites. This is an easy technique that allows hackers to get confidential information, account details, logins, and other credentials. People download malware unknowingly and might give the attacker access to the computer.
It has not been proven that the flaw was used by any attacker, but it is not that difficult to exploit in the wild. Earlier, Google Drive was used in a phishing campaign that allowed attackers to download a password stealer. Threat actors also use such platforms to send spam emails with malware-related files and sites. Dropbox and Google Drive are the most exploited cloud storage services on such phishing pages.
Scammers keep targeting companies like Google and other sharing services, so this is common and becomes more common each year. These issues and this exploitation call for a major change. The best suggestion in this case is to use proper anti-malware software and install security and alert systems.