Be extra careful when using Google Drive. The G Suite app has a weakness that may expose you to malware and phishing attacks. With this flaw, attackers can upload malware that looks like real documents or images. You may find a simple cat photo on your Drive, but it’s malware.
How Does This Google Drive Flaw Work?
The website TheHackerNews.com said that a system administrator named A. Nikoci reported the flaw to Google. He said that users could upload any version of a file already on Drive, which includes malicious .exe files.
Engadget also reports that you also can’t check if the file is malicious, since Drive’s online preview doesn’t tell you anything. You’d only know if you got malware after you install it. So, don’t just download anything off Drive. If you’re using Chrome, you also won’t notice anything, since it doesn’t notify you of possible malware. You’d have to use other antivirus software to detect them.
— Engadget (@engadget) August 22, 2020
Risks from the Google Drive Security Flaw
Bad actors could use this flaw to make spear phishing attacks on users. This attack would trick users into downloading malware that breaches their security. On your browser, Drive may notify you that you should update a document and then grab the malware.
After informing Google about the issue, Nikoci said the fault is still unpatched as of August 22.
Who Would Exploit This Google Drive Flaw?
Attackers who want to hack into companies using Google Drive could exploit this issue. However, Google Drive’s use in file sharing is now standard. So, you still have to be careful. Since it’s still unpatched, you could use antivirus programs to protect yourself. Also, don’t download file updates you weren’t expecting.