Google Drive could leave a door open for hackers to trick users into installing malware. System administrator A. Nikoci told The Hacker News of a flaw in Drive’s file version management feature, which could allow attackers to trade a legitimate file for malware. The cloud storage service reportedly doesn’t check if a file is of the same type or doesn’t apply for the same extension. A photo of a harmless cat could, therefore, hide malware.

The online preview does not suggest any changes, nor does it generate alarms, so the user may not know that there is a malicious file until it is installed. Chrome seems to “implicitly trust” Drive downloads even when other antivirus programs detect something wrong.

The approach could be used for spear phishing attacks, which trick users into compromising their systems. Therefore, the user could be notified of a document update and take the file without realizing the threat. Nikos said he notified Google of the problem but still did not have a patch on August 22.

The bug would offer a not too difficult way for hackers to allow hackers to attack especially companies that rely on Google Drive for sharing documents.

Removing this vulnerability would force Google to make a significant change to version control of the proposed files in Drive. For now, your best bet may be to use antivirus software and watch out for file update warnings on Google Drive, especially if the user knows absolutely nothing about new versions of alleged files.

Aidan Rogers
Aidan loves being described as Jack of all Trades. He is literally good at everything be it Singing, Writing, Games, Drifting, Hiking, Swimming and above all He is a good Teacher. He is also a web developer with over 100+ successful projects completed.
    0 0 votes
    Article Rating
    Notify of
    Inline Feedbacks
    View all comments

    You may also like

    More in:Global