Hackers are abusing Google Docs to bypass security protections

(Image credit: Google)

Google Docs brand collaborating in real-time with colleagues a seamless experience but hackers take found ways to leverage these capabilities to send malicious links to unsuspecting users.

Back in June of last year, researchers at Cheque Point-endemic Avanan discovered an exploit in the search giant's part software that allowed an attacker to easily deliver links to phishing sites to finish-users. Now though, hackers have discovered a new way to practice the exact aforementioned thing.

It was reported in October that hackers could apply comments in Google Workspace apps like Docs and Slides to easily transport malicious links to other users. Although this is a known vulnerability, Google has yet to fully shut or mitigate it in the fourth dimension since.

Beginning in December of 2021, Avanan's researchers observed a new campaign in which a massive wave of hackers leveraged the annotate feature in Google Docs to primarily target users of Microsoft'due south email service Outlook.

Co-ordinate to a new weblog post from Avanan, in this attack, hackers are adding comments with malicious links to Google Docs using @ mentions.

Dissimilar with typical malicious campaigns that rely on emails sent from an attacker to accomplish potential victims, in this case Google automatically sends an e-mail to a targeted user. In these emails, the full comment along with the malicious link and text are sent though the email address of the sender isn't shown, just the aggressor'due south proper name which makes it like shooting fish in a barrel to impersonate someone at their organization.

Although the campaign primarily targeted Microsoft Outlook users, they weren't the only people affected and Avanan observed over 500 inboxes beyond thirty tenants affected with the attackers responsible using over 100 different Gmail accounts. The cybersecurity business firm notified Google of this flaw at the beginning of this month using the report phish through email push within Gmail.

To foreclose falling victim to this set on and others like it, cease users should remain as vigilant when checking and responding to comments in Google Docs, Sheets and Slides as they do when checking their inbox for malicious emails.

We've likewise featured the best antivirus , best malware removal software and best endpoint protection software

Later on living and working in South korea for vii years, Anthony at present resides in Houston, Texas where he writes virtually a variety of technology topics for ITProPortal and TechRadar. He has been a tech enthusiast for equally long as he can remember and has spent countless hours researching and tinkering with PCs, mobile phones and game consoles.