Hackers may exploit a weakness in Google Drive to spread malware

The unpatched security flaw can allow attackers to send malicious documents and images with malware scripts

Hackers can exploit the security flaw and spread malicious code via the Google Drive "manage versions" functionality. The issue, which resides in the “manage versions”[1] functionality of Google Drive, can allow attackers to distribute malicious files disguised as documents or images.[2] This method provides the opportunity to perform a spear-phishing attack that eventually injects malicious code on the system.

The feature that includes this security bug was created for managing and uploading various versions of a file. It allows users to see changes made to the file in Drive and keep track of the people who changed anything. Editing, commenting in Google Docs, renaming files or folders, moving data around, or removing files entirely all show up there.

System administrator Nikoci[3] told news sources that this vulnerability in Google Drive can be misused by hackers who aim to distribute malicious files. According to him, Google was already informed about the security bug. The company has patched similar security flaws in its products in the past.[4]

The serious issue starts with filetype details

Various researchers noted after the discovery that the issue concerns the function and file formats. It was believed that the functionality requires a new version to have the same file extension as the existing file, but it seems that the Google Drive manage versions function does not check that. Users can upload a new version of the file or folder in Drive with any file extension. It means that a malicious executable can also get uploaded to the cloud storage.[5]

Some demonstration videos show that a legitimate version of the document or image is shared with users and can then be replaced with a malicious one. This change might not trigger an alert or raise many questions, but once the file is downloaded, it infects the targeted system with malware. This method can be used to distribute all sorts of dangerous infections.
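A defender can look for the replacement described above by comparing the metadata of a file's revisions. The following is an added example, not code from the original article or from Google: it takes revision records shaped like the Drive API v3 revision resource (fields id, mimeType, originalFilename, modifiedTime) and flags any revision whose extension or MIME type differs from the first one. The function name, the executable-extension list and the sample records are assumptions constructed for illustration.

```python
import os

# Extensions treated as directly executable on Windows (assumed list for this example).
EXECUTABLE_EXTS = {".exe", ".scr", ".bat", ".cmd", ".js", ".vbs", ".ps1", ".msi", ".hta"}

def ext(name):
    """Lower-cased extension of a filename, or '' if there is none."""
    return os.path.splitext(name or "")[1].lower()

def audit_revisions(file_name, revisions):
    """Flag revisions whose type differs from the first revision.

    `revisions` is a list of dicts ordered oldest first, each carrying the
    revision fields id, mimeType and originalFilename.
    """
    findings = []
    if not revisions:
        return findings
    base = revisions[0]
    base_ext = ext(base.get("originalFilename")) or ext(file_name)
    base_mime = base.get("mimeType")
    for rev in revisions[1:]:
        rev_ext = ext(rev.get("originalFilename"))
        reasons = []
        if rev_ext and rev_ext != base_ext:
            reasons.append(f"extension {base_ext or '(none)'} -> {rev_ext}")
        if rev.get("mimeType") != base_mime:
            reasons.append(f"mimeType {base_mime} -> {rev.get('mimeType')}")
        if reasons:
            # An executable replacing a document or image is the case the article describes.
            severity = "high" if rev_ext in EXECUTABLE_EXTS else "medium"
            findings.append({"revision": rev["id"], "severity": severity, "reasons": reasons})
    return findings

# Constructed sample metadata, not taken from a real account.
SAMPLE = [
    {"id": "r1", "mimeType": "application/pdf", "originalFilename": "invoice.pdf"},
    {"id": "r2", "mimeType": "application/pdf", "originalFilename": "invoice_v2.pdf"},
    {"id": "r3", "mimeType": "application/x-msdownload", "originalFilename": "update.exe"},
]

if __name__ == "__main__":
    for finding in audit_revisions("invoice.pdf", SAMPLE):
        print(finding)
```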

Cloud services – attractive targets for hackers

Such spear-phishing attacks can be highly effective and widespread, so cloud services like Google Drive often get exploited for malware distribution. Typically, such phishing attacks target users and try to trick them into opening malicious attachments or visiting dangerous sites. This is an easy technique that allows hackers to obtain confidential information, account details, logins, and other credentials. People download malware unknowingly and might provide the attacker access to the computer.

It has not been proven that the flaw has been used by any attacker, but it is not that difficult to exploit in the wild. Earlier, Google Drive was used in a phishing campaign that allowed attackers to download a password stealer. Threat actors also use such platforms to send spam emails with malware-related files and sites. Dropbox and Google Drive are the most exploited cloud storage services regarding such phishing pages.

Scammers keep targeting companies like Google and other sharing services, so this is common and becomes more common each year. These issues and exploitation require a major change. The best suggestion, in this case, is to use proper anti-malware software and implement security and alert systems.

About the author
Ugnius Kiguolis

Ugnius Kiguolis is a professional malware analyst who is also the founder and the owner of 2-Spyware. At the moment, he takes over as Editor-in-chief.
