A security vulnerability in Google Drive can be exploited by attackers to distribute malicious files disguised in the form of documents or images, enabling bad actors to carry out phishing attacks with a relatively high success rate.
The latest security problem lies in the version management function provided by the Google Drive service, which allows users to upload and manage different versions of a file, as well as in the way its interface presents a new version of a file to users.
Logically, the version management function should allow Google Drive users to update an old version of a file with a new version that has the same file extension, but it turns out that is not the case.
According to reports, there is a flaw in the version management feature that could allow attackers to swap a legitimate file with malware.
Reportedly, Google's cloud storage service does not check whether the new file is of the same type, or even enforce the same extension.
The online preview doesn’t hint at any changes or trigger alerts, so you might not know there’s a problematic file until you install it.
It appears that the Google Chrome browser implicitly trusts files downloaded from the Google Drive service, even when antivirus programs detect something wrong.
This method can be used for phishing attacks that trick users into compromising their systems, and you may receive a notification to update the document and obtain the file without realizing the threat.
This would be primarily useful for attacking companies that rely on Google Drive to share documents.
The best solution at present may be to use antivirus software and to be wary of Google Drive file update alerts, especially if you were not expecting them.
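One way an administrator could audit shared files for the swap described above, as an added example that is not part of the original report: the function compares consecutive revisions of a file and flags any whose extension or MIME type changed. The sample records are constructed and shaped like Drive API v3 `revisions.list` output (fields `id`, `mimeType`, `originalFilename`, `modifiedTime`); fetching them from the API is assumed to happen elsewhere.

```python
import os

# Constructed sample data shaped like Drive API v3 revisions.list output.
# These records are illustrative and do not come from a real account.
SAMPLE_REVISIONS = [
    {"id": "1", "mimeType": "application/pdf",
     "originalFilename": "Q3-report.pdf", "modifiedTime": "2020-08-01T09:00:00Z"},
    {"id": "2", "mimeType": "application/pdf",
     "originalFilename": "Q3-report.PDF", "modifiedTime": "2020-08-03T10:00:00Z"},
    {"id": "3", "mimeType": "application/x-msdownload",
     "originalFilename": "Q3-report.exe", "modifiedTime": "2020-08-05T11:30:00Z"},
]


def _ext(name):
    """Lower-cased extension; empty string when the name is missing."""
    return os.path.splitext(name or "")[1].lower()


def find_type_changes(revisions):
    """Flag each revision whose extension or MIME type differs from the one before it."""
    # Assumes modifiedTime values are RFC 3339 strings in UTC, which sort lexicographically.
    ordered = sorted(revisions, key=lambda r: r["modifiedTime"])
    findings = []
    for prev, cur in zip(ordered, ordered[1:]):
        reasons = []
        old_ext, new_ext = _ext(prev.get("originalFilename")), _ext(cur.get("originalFilename"))
        if old_ext != new_ext:
            reasons.append(f"extension {old_ext!r} -> {new_ext!r}")
        if prev.get("mimeType") != cur.get("mimeType"):
            reasons.append(f"mimeType {prev.get('mimeType')!r} -> {cur.get('mimeType')!r}")
        if reasons:
            findings.append({"revision": cur["id"],
                             "modifiedTime": cur["modifiedTime"],
                             "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in find_type_changes(SAMPLE_REVISIONS):
        print(finding["revision"], finding["modifiedTime"], "; ".join(finding["reasons"]))
```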
As shown in the explanatory videos, a legitimate copy of the file shared among a group of users can be replaced with a malicious file, which when viewed online does not display an indication of the recent changes, but can be used to infect target systems.
This issue leaves the door open to highly effective phishing campaigns that take advantage of the ubiquity of cloud services, such as Google Drive, to distribute malware.
This development comes shortly after Google fixed a security flaw in the Gmail service that allowed attackers to send phishing emails mimicking any Gmail or G Suite customer, even when Sender Policy Framework (SPF) and Domain-based Message Authentication, Reporting, and Conformance (DMARC) policies are enabled.