Google bans sending JavaScript files via Gmail

Through the years, JavaScript has enabled legitimate web developers and software designers to improve their products and provide people with an enhanced usage experience ^[1]. Nevertheless, the easy-to-use functionality of this script has been noticed and acquired by the cyber criminals who have learned to exploit it for their own malicious purposes. Today, there are hundreds of thousands of malware based on JavaScript. In fact, the use of this script has especially spiked up in the last couple of years. You may have probably heard about the infamous Locky virus or Spora ransomware. Yes, these file-locking and ransom-demanding parasites ^[2] initially arrive on the computers with the help of JS files, too, not to mention millions of less serious infections that use their functionalities to get inside computers. Usually, such files are delivered by email, so, mail providers unwillingly become the distributors of the malware. But everything’s about to change as Google has decided to address this problem by blocking the availability of JavaScript distribution on via its Gmail service. Along with .js, Google has also banned a bunch of other applications that are related to spreading malware, including .exe, .jar, .pif and much more.

Google representatives have announced about the upcoming ban on malware distributing files back in January ^[3], and the company sure sticks its promise. Currently, Gmail users can no longer send .js files even in their compressed or archived form. When trying to attach such files, a message “Blocked for security reasons” will immediately pop-up and block further actions. The automatic filter will also prevent the opening of older emails that contain such files by dropping the following message: “1 attachment contains a virus or blocked file. Downloading this attachment is disabled.” ^[4]

Of course, there are still ways to work around this ban, since .js files can be stored and shared via Google Drive or Google Cloud Storage. Despite that, it is a significant step towards a safer email environment which will undoubtedly help curb the malware distribution. Nevertheless, you should not relax and stay vigilant — malware developers are creative, and it is only a matter of time until they find new ways to infiltrate computers.