A Security Flaw In ‘Manage Versions’ Feature Of Google Drive Could Allow Malware Attackers To Trick Victims Into Installing Rogue Code

Google Drive has a weakness that could allow malware attackers to trick victims into installing malware. Attackers can exploit an unpatched security flaw in Google Drive to distribute malicious files disguised as legitimate ones, which would let them carry out spear-phishing attacks. Security researcher A. Nikoci told The Hacker News that a flaw in the manage versions feature in Google Drive can enable threat actors to swap a file with malware. He also reported this flaw to Google. The manage versions functionality allows users to upload and manage various versions of a file, and the issue lies in the way its interface offers a new version of a file to users. It is important to note that Google is aware of this security flaw; however, it has been left unpatched.

Logically, the feature should let users replace an older version of a specific file only with a new version that has the same file extension. However, it turns out that this is not the case. According to A. Nikoci, the affected feature of Google Drive lets users upload a new version of a file with any file extension to the cloud storage. Nikoci also said that Google allows users to change the version of a file without checking whether it is the same type. The cloud storage service does not even enforce the same extension.

Nikoci shared demo clips, and according to those videos, a legitimate version of a file that has already been shared with a group of Google Drive users can be replaced with a malicious file. Furthermore, the online preview does not indicate the change or raise any alarm. However, when installed, the file could be used to infect systems.
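Because neither the upload path nor the preview checks file type, a defender can run that comparison over revision metadata. The sketch below is an added example, not code from the researcher or from Google; it assumes revision records shaped like items from the Drive API v3 `revisions.list` response, and the sample records and the `find_type_changes` helper are constructed for illustration.

```python
import os

# Constructed sample, shaped like items from the Drive API v3 revisions.list
# response (fields: id, originalFilename, mimeType, modifiedTime).
SAMPLE_REVISIONS = [
    {"id": "r1", "originalFilename": "q3-report.pdf",
     "mimeType": "application/pdf", "modifiedTime": "2020-08-01T10:00:00.000Z"},
    {"id": "r2", "originalFilename": "q3-report.pdf",
     "mimeType": "application/pdf", "modifiedTime": "2020-08-03T09:30:00.000Z"},
    {"id": "r3", "originalFilename": "q3-report.exe",
     "mimeType": "application/x-msdownload", "modifiedTime": "2020-08-05T22:14:00.000Z"},
]


def _ext(name):
    """Lower-cased final extension; '' when the name is missing or has none."""
    return os.path.splitext(name or "")[1].lower()


def find_type_changes(revisions):
    """Flag each revision whose extension or MIME type differs from the one before it."""
    # Assumption: timestamps share one RFC 3339 UTC format, so string order is time order.
    ordered = sorted(revisions, key=lambda r: r["modifiedTime"])
    findings = []
    for prev, cur in zip(ordered, ordered[1:]):
        reasons = []
        old_ext = _ext(prev.get("originalFilename"))
        new_ext = _ext(cur.get("originalFilename"))
        if old_ext != new_ext:
            reasons.append(f"extension {old_ext or '(none)'} -> {new_ext or '(none)'}")
        if prev.get("mimeType") != cur.get("mimeType"):
            reasons.append(f"mimeType {prev.get('mimeType')} -> {cur.get('mimeType')}")
        if reasons:
            findings.append({"revision": cur["id"], "previous": prev["id"],
                             "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in find_type_changes(SAMPLE_REVISIONS):
        print(f"revision {f['revision']} replaces {f['previous']}: "
              + "; ".join(f["reasons"]))
```

A finding is a prompt to review the file and its last modifier, since a legitimate format change (for example .doc to .docx) is flagged the same way.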

The approach could be used for highly effective spear-phishing attacks that trick people into compromising their systems. Spear-phishing attacks usually attempt to trick victims into opening malicious links. Those malicious links can also be used to get the victim to unknowingly install malware on their device, which can give the hacker access to the victim’s computer and other sensitive data. Currently, the best solution is to use an antivirus and be wary of Drive file update alerts. Recently, Google also fixed a flaw impacting G Suite and Gmail users that could have let threat actors send spoofed emails even when strict security policies such as DMARC or SPF are enabled.




Featured Photo: Thomas Trutschel/Photothek via Getty Images