A Google Drive flaw can allow hackers to install malicious file. The hacker’s tricks you to install rouge code. Malware attackers can exploit an unpatched security weakness in Google Drive. This malware distributes malicious files as legal documents or images which allows the hackers to make phishing attacks.
Google Drive flaw can Install Malware
The latest security issue of Google is aware of it but, it has left unpatched resides in the “manage versions“. It is functionality in Google Drive, which allows the users to upload and manage different versions of the file. Normally, this functionality allows the users of Google Drive to update the older version to the latest version of the file with the same file extension. But in this latest issue, this is not happening.
A. Nikoci, a system administrator, has reported about the flaw in Google Drive. The administrator said that the affected function allows the users to upload a new version with any file extension for any file which is there on the cloud storage.
Nikoci has shared a demo video with The Hacker News website and showed about the malware. The malware file can replace the legal version of the file, which is already shared with a group of users. When the file is previewed online, it won’t show any changes, but when the file is downloaded, it can infect the targeted systems.
A Nikoci said,
“Google lets you change the file version without checking if it’s the same type. They did not even force the same extension.”
This issue can be highly effective in spear-phishing campaigns which takes advantage of widespread in services like Drive to distribute malware.
Recently, Google has fixed a security flaw in Gmail, which allowed the hacker to send spoofed emails to any Gmail or G Suite customer even when the security policies are enabled.
This security flaw can be used for attackers to attack those companies which rely on Google Drive to share documents. As per the reports, this issue would need a change to Drive’s version.