Attackers could exploit an unpatched vulnerability in Google Drive to distribute malicious files disguised as legitimate documents or images, enabling spear-phishing attacks with a high rate of success.

Google’s “Manage Version” Feature

The security issue, which Google is aware of but has not yet patched, lies in Google Drive's "manage versions" feature, which lets users upload and manage successive versions of a file, and in the way the interface presents the new version to other users.

Logically, Google Drive users should only be able to replace an older version of a file with a new version that has the same file extension, but this turns out not to be the case.

In practice, users are allowed to upload a new version of any existing file in their cloud storage with any file extension, including an unsafe executable, according to Nikoci, a system administrator by profession, who reported the bug to Google and later disclosed it publicly.

As shown in Nikoci's demo video, this can be used to replace a legitimate version of a file that has already been shared with a group of users with a malicious file that triggers no warning and shows no visible change when previewed online, but which infects the targeted systems when downloaded.

Needless to say, the issue leaves the door open for highly effective spear-phishing campaigns that take advantage of the widespread use of cloud services like Google Drive for malware delivery.

Google Drive Malware Delivery Demo 1

Google Drive Malware Delivery Demo 2


Google recently fixed a security bug in Gmail that could have let an attacker send spoofed emails impersonating any Gmail or G Suite user, even when strict DMARC/SPF policies were enabled.

Malware Hackers & Google Drive

Spear-phishing scams usually aim to trick recipients into opening malicious attachments or clicking on seemingly harmless links, thereby supplying the attacker with sensitive data such as account credentials.

Links and attachments may also be used to deliver a malware download that gives the intruder access to the user's computer system and other confidential information.

This new security problem is no different. The update functionality of Google Drive is intended as a convenient way to update shared files by replacing the document with a new version of it. This lets you update a shared file without changing its link.

However, this has dangerous implications for users of the shared file, who, on being notified of the change by email, may download the document and unknowingly infect their systems with malware, because the file extension of the new version is never validated.

It could be used to launch whaling attacks, a phishing technique commonly used by cybercriminal groups to impersonate senior management in an enterprise and target specific individuals, in the hope of stealing confidential information or gaining access to their computer systems for criminal purposes.

Worse, Google Chrome appears to implicitly trust files downloaded from Google Drive, even when other antivirus programs detect them as malicious.
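The two defender-side checks that follow from the behaviour described above (a revision whose file type silently changed, and a downloaded file whose bytes contradict its extension) can be automated. The script below is an added example, not code from the article, from Nikoci or from Google. It assumes revision metadata in the shape of the Google Drive API v3 revisions resource (`id`, `mimeType`, `originalFilename`, `modifiedTime`); that shape, the sample revision history and the byte strings are constructed for this example.

```python
"""Defensive checks for the Google Drive "manage versions" weakness.

Added example, not from the article or from Google. The revision dicts are
assumed to look like Google Drive API v3 revision resources (id, mimeType,
originalFilename, modifiedTime); the sample history and byte strings below
are constructed, not real data.
"""
import os

# Extensions that should never silently appear in a revision of a shared document.
RISKY_EXTENSIONS = {
    ".exe", ".scr", ".bat", ".cmd", ".com", ".js", ".vbs", ".ps1",
    ".jar", ".msi", ".hta", ".dll",
}

# Magic bytes that identify native executables regardless of the file name.
EXECUTABLE_MAGIC = (b"MZ", b"\x7fELF")

# Magic bytes a file with this extension is expected to start with.
EXPECTED_MAGIC = {
    ".pdf": (b"%PDF",),
    ".png": (b"\x89PNG",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".gif": (b"GIF87a", b"GIF89a"),
    ".zip": (b"PK\x03\x04",),
    ".docx": (b"PK\x03\x04",),
    ".xlsx": (b"PK\x03\x04",),
}

# Constructed revision history of one shared file: two legitimate PDF
# revisions, then a third revision that swapped in an executable.
SAMPLE_REVISIONS = [
    {"id": "1", "mimeType": "application/pdf",
     "originalFilename": "Q3-report.pdf", "modifiedTime": "2020-08-01T09:00:00Z"},
    {"id": "2", "mimeType": "application/pdf",
     "originalFilename": "Q3-report-v2.pdf", "modifiedTime": "2020-08-10T09:00:00Z"},
    {"id": "3", "mimeType": "application/x-msdownload",
     "originalFilename": "Q3-report.exe", "modifiedTime": "2020-08-20T09:00:00Z"},
]


def extension_of(filename):
    """Lower-cased extension including the dot, or '' if there is none."""
    return os.path.splitext(filename)[1].lower()


def find_suspicious_revisions(revisions):
    """Compare every later revision with the oldest one and report type changes.

    Returns a list of findings, each {"id", "severity", "reason"}. A change of
    extension or MIME type is "medium"; a change to a risky extension is "high".
    """
    if not revisions:
        return []
    ordered = sorted(revisions, key=lambda r: r["modifiedTime"])
    base = ordered[0]
    base_ext = extension_of(base.get("originalFilename", ""))
    findings = []
    for rev in ordered[1:]:
        ext = extension_of(rev.get("originalFilename", ""))
        reasons = []
        if ext != base_ext:
            reasons.append(f"extension changed {base_ext or '(none)'} -> {ext or '(none)'}")
        if rev.get("mimeType") != base.get("mimeType"):
            reasons.append(f"mimeType changed {base.get('mimeType')} -> {rev.get('mimeType')}")
        if reasons:
            severity = "high" if ext in RISKY_EXTENSIONS else "medium"
            findings.append({"id": rev["id"], "severity": severity,
                             "reason": "; ".join(reasons)})
    return findings


def extension_mismatch(filename, data):
    """True when the content of a downloaded file contradicts its extension.

    Catches the case the article describes: a file still named like a document
    or image whose bytes are actually a native executable, or whose bytes do not
    match the format its extension claims.
    """
    ext = extension_of(filename)
    if data.startswith(EXECUTABLE_MAGIC) and ext not in RISKY_EXTENSIONS:
        return True
    expected = EXPECTED_MAGIC.get(ext)
    if expected and not data.startswith(expected):
        return True
    return False


if __name__ == "__main__":
    for f in find_suspicious_revisions(SAMPLE_REVISIONS):
        print(f"revision {f['id']} [{f['severity']}]: {f['reason']}")
    print(extension_mismatch("Q3-report.pdf", b"MZ\x90\x00\x03" + b"\x00" * 60))
```

Run against a real revision listing, the first function would be the alert source for a Drive-wide sweep (any shared document whose latest revision is a different type than its first one); the second is the check an endpoint or mail-gateway download hook should apply before trusting a file on the strength of its name alone, which is exactly the trust the article says Chrome extends to Drive downloads.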

Cloud Services Have Become An Attack Vector

While there is no evidence that this flaw has been exploited in the wild, it would not be difficult for attackers to repurpose it, given that cloud services have served as a tool for malware distribution in many spear-phishing attacks in recent months.

With scammers and criminals going to every length to mask their intentions, it is crucial that users treat unexpected emails, including Google Drive notifications, with suspicion in order to minimize the risk.
