A Google Drive flaw could trick the user into installing malware

Google Drive could leave a door open for hackers to trick users into installing malware. System administrator A. Nikoci told The Hacker News of a flaw in Drive’s file version management feature, which could allow attackers to trade a legitimate file for malware. The cloud storage service reportedly doesn’t check if a file is of the same type or doesn’t apply for the same extension. A photo of a harmless cat could, therefore, hide malware.

The online preview does not suggest any changes, nor does it generate alarms, so the user may not know that there is a malicious file until it is installed. Chrome seems to “implicitly trust” Drive downloads even when other antivirus programs detect something wrong.

The approach could be used for spear phishing attacks, which trick users into compromising their systems. Therefore, the user could be notified of a document update and take the file without realizing the threat. Nikos said he notified Google of the problem but still did not have a patch on August 22.

The bug would offer a not too difficult way for hackers to allow hackers to attack especially companies that rely on Google Drive for sharing documents.

Removing this vulnerability would force Google to make a significant change to version control of the proposed files in Drive. For now, your best bet may be to use antivirus software and watch out for file update warnings on Google Drive, especially if the user knows absolutely nothing about new versions of alleged files.


📰 Follow Tech Lapse on Google News, select us among your favorites by clicking the star ⭐

Aidan Rogers
Aidan Rogers
Aidan loves being described as Jack of all Trades. He is literally good at everything be it Singing, Writing, Games, Drifting, Hiking, Swimming and above all He is a good Teacher. He is also a web developer with over 100+ successful projects completed.

Recent News

Appy Pie Connect Can Help Integrate Stripe with Other Software

COVID pandemic has directly contributed to the large scale adoption of online payment processing tools. Online commerce has progressed rapidly since the appearance of...

Apple acquires AI Video startup Vilynx to further improve Siri

Apple acquired Vilynx, a startup specializing in Artificial Intelligence, intending to improve Siri, the virtual assistant with iPhone, Mac, Apple Watch, etc. The developers of...

Apple’s alternative to Google reportedly in development

Hints that Apple has been developing alternative web search technologies and tools to Google have been circulating since 2015 and have re-emerged periodically ever since....