27th August 2020, Kathmandu
Google Drive has an unpatched security vulnerability that attacks could exploit to trick users into downloading malware.
Just when you thought cloud services from companies like Google are safe, something like this comes up.
Earlier, threat actors were found exploiting Google Cloud to host malicious payloads to launch phishing attacks.
However, the case with Google Drive is slightly different. Threat actors can disguise malicious files as legitimate documents (or images).
This enables attackers to launch spear-phishing attacks with a higher success rate.
No Extension Check
This latest security issue on Google Drive resides in the manage versions functionality. In case you are not familiar with it, this feature allows file owners to upload the latest version of the file.
You would think that Google Drive allows users to update an older version of the file with a new version. Yes, it’s true so far, but the shocking thing is that it even allows uploading a version with a different extension.
For example, you have uploaded your thesis file with the filename ‘thesis.pdf,’ which means it is a PDF file having a .pdf extension.
The security flaw allows you to upload a newer version of the file, but you can even upload a file ‘thesis.pdf.exe’ easily.
What does this mean?
This means that when you share this file with someone (or send a mail), they might still be able to open the pdf file from their browser. However, hitting the download button will download the ‘exe’ version of the file, which may be corrupt or malicious.
Here’s a demo video:
As you can see, Google didn’t even force the same extension while changing the file version.
The Hacker News even claims that Google was aware of this issue but left it unpatched.
How Can Malware Hackers Exploit Google Drive Vulnerability?
Spear-phishing scams typically attempt to trick users into giving up their credentials, such as account information, password, and so on.
If users click on a malicious link or attachment, then the attackers will have access to all the credentials.
This Google Drive security issue is no different. The inability to keep the extension consistent can allow threat actors to upload a file containing malware.
Users will unknowingly download the malware that can give attackers access to the user’s system and credentials. What’s even worse is that Google Chrome implicitly trusts the files downloaded from Google Drive.
Meanwhile, the demo video shows that other antivirus software or file-sharing platforms can detect the file as malicious.
Have you noticed this issue before? Are cloud services becoming more vulnerable?
Let us know what you think!