Loading...

Google is "helping" hackers to infect your devices using Google Drive

Google is "helping" hackers to infect your devices using Google Drive

Our cybersecurity team discovered that Google Drive is "helping" hackers through a vulnerability that allows any hacker to auto-download any malware they want inside victims computer using a Google Drive URL.
The exploit is located inside Google Apps Script, which is designed in JavaScript to allow users to quickly create standalone web apps and extensions that use Google Apps SaaS ecosystem.

This easy to use feature has his limitation trading security for functionality, living it exposed for exploitation by hackers will.
Our experts have discovered two ways of attack, in first multiple malicious files and malware software were uploaded on Google Drive then send to the victims using public links from Google Doc to convince receivers to execute the malware once it has been downloaded.
The second way of attack is more sophisticated and more dangerous as well because it takes advantage of SaaS platforms options and features to auto-download any malware in victims computer from links in which no presence of the actual malware is detected making them safe trough security checks.

Google quickly patched the flow by adding some restrictions when a .doc file is opened from their platform to stop phishing campaign and malware distribution from its services. This patch doesn't do much because the rest of the features that permit auto download of files are still available for further auto malware download.
"This is a perfect example of how cybercriminals could weaponize systems, and it's all because technology including both software and hardware doesn't have a plan in which strong security is to build around new features.
The way of approach is the most significant bug here because in way too many cases functionalities that add essential profit or develop rapidly because of the market demand is living them unsecured.
In order to be safe in front of threats like this, it is imperative to add an extra layer of security to your systems using a top antivirus before going out on the cyber web" our CEO says.

CyberByte Antivirus comes in two flavors:
MacOS Version - the free download Mac antivirus available on our website (https://mac.cyberbyte.org)
Windows Version - the free download Windows antivirus available on our website (https://pc.cyberbyte.org)
The free antivirus is with limited features.

About CyberByte About CyberByte