Home
Wifi Tips
Fix Computer
Windows 10
Windows 11
Artificial Intelligence
Space Science
Strange story
Detecting a Google Drive vulnerability could allow hackers to trick users into installing malware
An unresolved security weakness in Google Drive can be exploited by software attackers to distribute malicious files.
An unresolved security weakness in Google Drive can be exploited by software attackers to distribute malicious files disguised as normal documents or images targeting users, thereby allowing users to allowing them to deploy large-scale phishing attacks with a fairly high rate of success.
With that said, this is a vulnerability that Google has confirmed, but as of now it has not been patched. This vulnerability exists in the "manage versions" function of Google Drive, which is designed to allow users to upload and manage different versions of a file, as well as the interface. latest for users.
Vulnerability on Google Drive
Logically, manage versions will allow Google Drive users to update the old version of the file to the new version with the same extension, but not quite. According to A. Nikoci, a professional system administrator who reported the vulnerability to Google and then revealed the details to The Hacker News, in terms of functionality, the vulnerability in manage versions allows users to upload the latest version of the currently archived files with any extension that does not have the specific resemblance to the original design, even with a malicious executable.
The malicious executable is disguised as an image file
As can be seen in the demo videos Nikoci shared with The Hacker News, the vulnerability could cause the legitimate version of a file that was shared between a group of users to be replaced by a malicious file, which almost there aren't any signs of identification. When users download this file and access it, the malicious code immediately infects the entire system.
Demo video exploits a vulnerability in Google Drive
Apparently this vulnerability opened up new doors for highly effective phishing campaigns, leveraging the popularity of cloud services like Google Drive to spread malware on a large scale, especially. is for organizations and enterprises that use this cloud storage platform to share documents.
Nikoci said it has sent a notice to Google on the issue since August 22. Mountain View company has received the information, but as of now, there are no patches or comments. given.
For now, the best possible limited solutions are to use reliable antivirus software and be wary of file update warnings on Google Drive, especially if you don't know the file's origin.
Kareem Winters
- What is Clipper Malware? How does it affect Android users?
- Serious vulnerability in Microsoft Word is being used by hackers to install malware on computers
- Trick to create a copy of text for recipients when sharing a Google Drive file
- Google Chrome has a serious zero-day error, and hackers can execute malicious code at its fullest
- New malware uses Google Drive as a command-and-control server
- GitLab patches critical vulnerability that allows hackers to take control of accounts
- Google has just patched a critical Gmail vulnerability, allowing hackers to send fake emails
- Trick to search on Google Drive
- WinRAR releases emergency patch for serious security vulnerability, users need to update immediately
- New vulnerability on MediaTek chip makes 30% of Android smartphones can be eavesdropped
- Google Chrome has an urgent update, patching a serious zero-day vulnerability being exploited by hackers
- Warning: This simple command can damage your Windows computer's drive
- Answer these 5 questions before clicking on any link
- Instructions for installing and using Google Drive on phones and computers