Home
Tech info
Technology
Science
Life
Application
Electric
Program
Mobile
Windows 10
Windows 11Detecting a Google Drive vulnerability could allow hackers to trick users into installing malware
An unresolved security weakness in Google Drive can be exploited by software attackers to distribute malicious files disguised as normal documents or images targeting users, thereby allowing users to allowing them to deploy large-scale phishing attacks with a fairly high rate of success.
With that said, this is a vulnerability that Google has confirmed, but as of now it has not been patched. This vulnerability exists in the "manage versions" function of Google Drive, which is designed to allow users to upload and manage different versions of a file, as well as the interface. latest for users.
Vulnerability on Google Drive
Logically, manage versions will allow Google Drive users to update the old version of the file to the new version with the same extension, but not quite. According to A. Nikoci, a professional system administrator who reported the vulnerability to Google and then revealed the details to The Hacker News, in terms of functionality, the vulnerability in manage versions allows users to upload the latest version of the currently archived files with any extension that does not have the specific resemblance to the original design, even with a malicious executable.
The malicious executable is disguised as an image file
As can be seen in the demo videos Nikoci shared with The Hacker News, the vulnerability could cause the legitimate version of a file that was shared between a group of users to be replaced by a malicious file, which almost there aren't any signs of identification. When users download this file and access it, the malicious code immediately infects the entire system.
Demo video exploits a vulnerability in Google Drive
Apparently this vulnerability opened up new doors for highly effective phishing campaigns, leveraging the popularity of cloud services like Google Drive to spread malware on a large scale, especially. is for organizations and enterprises that use this cloud storage platform to share documents.
Nikoci said it has sent a notice to Google on the issue since August 22. Mountain View company has received the information, but as of now, there are no patches or comments. given.
For now, the best possible limited solutions are to use reliable antivirus software and be wary of file update warnings on Google Drive, especially if you don't know the file's origin.
Kareem WintersYou should read it
- Phishing attack: The most common techniques used to attack your PC
- Support tools for using documents from Google Drive
- Download files and websites directly from Google Drive in Chrome browser
- New phishing attacks appear to use Google Translate as a disguise
- Don't miss these 9 useful Google Drive tricks!
- [Infographic] How to become a 'power' user of Google Drive
- Summary of useful shortcuts on Google Drive
- 5 interesting features on Google Drive that users do not know
May be interested
- New vulnerability on MediaTek chip makes 30% of Android smartphones can be eavesdropped
mediatek has just had to immediately release patches for vulnerabilities that allow hackers to eavesdrop on android users' calls. even hackers can exploit the vulnerability to run commands or privilege escalation attacks. - Google Chrome has an urgent update, patching a serious zero-day vulnerability being exploited by hackersgoogle has just released chrome 91.0.4472.101 emergency update for windows, mac and linux to patch 14 security holes. among these is a critical zero-day vulnerability (cve-2021-30551) that is being actively exploited by hackers.
- Instructions for installing and using Google Drive on phones and computersinstructions for installing and using google drive on phones and computers. google drive cloud storage service is one of the most used services today. using google drive, you get free 15gb of storage and pay for the software
- Warning: This simple command can damage your Windows computer's driverecently, security developers discovered a zero-day vulnerability in windows 10 that allowed hackers to damage users' ntfs hard drives with just one command. this vulnerability even affects windows xp.
- Google Drive 4,2021.46200, Download Google Drive heregoogle drive is google's cloud storage solution. the platform allows you to store your media content and documents on google's servers so you can free up space on your hard drive and access them from any device with an internet connection.
- Answer these 5 questions before clicking on any linkurls are used to make 'links' to resources on the internet. the url creates a 'hyperlink' capability for web pages. however, computer crime today, hackers are increasingly 'cunning' and more dangerous. these hackers can change passwords and steal user data, even using drive-by-download malware to attack users.
- Warning: New malware 'Mamont' impersonates Google Chrome to steal informationsecurity researchers recently discovered a new malware called 'mamont', which can impersonate google chrome to trick information theft.
- Update your Macbook now to avoid this major security bugrecently, a zero-day vulnerability allowed hackers to bypass many of apple's security protocols and deploy malware on an unknown number of computers. this vulnerability has been fixed in macos 11.3.
- 5 interesting features on Google Drive that users do not knowjust have a gmail account, you can experience the exciting new features integrated on google drive. let's consult and experience.
- Google discovered a dangerous zero day vulnerability on many Samsung Galaxy, Huawei, Xiaomi and even Pixel phonesthis vulnerability affects many major phone companies including huawei p20, pixel 1 and pixel 2, xiaomi, samsung with galaxy s7, s8 and s9 ... and most likely exploited by hackers.
Attack the network
- Google has just patched a critical Gmail vulnerability, allowing hackers to send fake emails
- Find bug in Emotet malware, prevent it from spreading for 6 months
- Microsoft has just patched a critical security hole in Windows 10 discovered in 2018
- Google Chrome has a serious zero-day error, and hackers can execute malicious code at its fullest
- Wsreset tool of Windows 10 Store was used by hackers to bypass anti-virus software
- The Joker malware once again bypassed Google's security, spreading strongly on the Play Store
Google has just patched a critical Gmail vulnerability, allowing hackers to send fake emails
Find bug in Emotet malware, prevent it from spreading for 6 months
Microsoft has just patched a critical security hole in Windows 10 discovered in 2018
Google Chrome has a serious zero-day error, and hackers can execute malicious code at its fullest
Wsreset tool of Windows 10 Store was used by hackers to bypass anti-virus software
The Joker malware once again bypassed Google's security, spreading strongly on the Play Store