Hacker exploits Google Apps Script to spread malware
While looking for new avenues of attack, cybercriminals have figured out a way to use Google Apps Script so that malicious software hosted on Google Drive is automatically downloaded onto victims' computers.
Attackers use Google Apps Script to spread malware
“Proofpoint research has found that Google Apps Script and the normal document sharing capabilities built into Google Apps supported automatic malware downloads and sophisticated social engineering schemes designed to convince recipients to execute the malware once it has been downloaded,” Maor Bin, security researcher at Proofpoint, wrote in an advisory. “We also confirmed that it was possible to trigger exploits with this type of attack without user interaction.”
Proofpoint discloses PoC for exploitation
In the first step, the attackers upload the malware executable to Google Drive and create a public link to it. In the second step, they share links to the Google Doc containing the malware with their target victims and persuade the recipients to open the document. This is essentially a document-based phishing attack. Proofpoint said:
“While we often look at Google Docs for phishing and malware distribution by linking to Google Drive URLs, the scalable SaaS platform allows more sophisticated forms of attack, automated malware propagation, and more difficult detection.”
Using a SaaS application like Google Drive opens up a completely new dimension of attack that businesses and consumers need to guard against. Because this form of attack is relatively new, most staff may not be aware of the potential dangers of Google Docs.
The good news is that anti-phishing defenses can also resist this type of attack. On the downside, SaaS application attacks are much easier for attackers to carry out than macro-based ones, which may mean that this approach will be used more often in the future and may extend from Google Drive to other platforms such as Office 365, G Suite and Box.