A vulnerability has emerged that allows hackers to download malware to a victim’s computer from a Google Drive URL.

Proofpoint discovered the vulnerability and created a proof-of-concept exploit for the specific issue. The dev platform is based on JavaScript and allows the creation of both standalone web apps and extensions to various elements of the Google Apps SaaS (software as a service) ecosystem. Unfortunately, the normal document-sharing capabilities built into Google Apps can be manipulated in such a way as to support automatic malware downloads, the firm stated.

It works as follows: After uploading malicious files to Google Drive, the bad guys could create a public link and share an arbitrary Google Doc as bait in social engineering schemes designed to convince others to execute the malware once it has been downloaded.

Proofpoint researchers further confirmed that it was indeed possible to trigger exploits without any user interaction – a big problem.

These attacks come from legit sources and the hyperlinks themselves contain no malware, making them incredibly difficult to detect. Thus, malicious use of built-in scripting capabilities in SaaS platforms flies well under the radar of most users and antivirus software.

After being notified of the issue, Google added specific restrictions on triggers to block phishing and malware distribution attempts that are executed by opening a doc. That being said, researchers pointed out that the situation shows that SaaS platforms can in fact be used to deliver malware to unsuspecting individuals in even more powerful ways than Microsoft Office macros, which is saying a lot.

Thus, users should always be wary of files automatically downloaded by cloud platforms and be cognizant of the basic anatomy of a social engineering attack.



CryptoBuzz News Network

