A vulnerability has emerged that allows hackers to download malware to a victim’s computer from a Google Drive URL.
It works as follows: after uploading malicious files to Google Drive, the bad guys could create a public link and share an arbitrary Google Doc as bait in social engineering schemes designed to convince others to execute the malware once it has been downloaded.
Proofpoint researchers further confirmed that it was indeed possible to trigger exploits without any user interaction – a big problem.
These attacks come from legitimate sources and the hyperlinks themselves contain no malware, making them incredibly difficult to detect. Thus, malicious use of built-in scripting capabilities in SaaS platforms flies well under the radar of most users and antivirus software.
After being notified of the issue, Google added specific restrictions on triggers to block phishing and malware distribution attempts that are executed by opening a doc. That being said, researchers pointed out that the situation shows that SaaS platforms can in fact be used to deliver malware to unsuspecting individuals in even more powerful ways than Microsoft Office macros, which is saying a lot.
Thus, users should always be wary of files automatically downloaded by cloud platforms and be cognizant of the basic anatomy of a social engineering attack.
CryptoBuzz News Network