Hackers can enable Google Drive users to install malware, according to System Administrator A Nikolic. He said there is an unprecedented drive security vulnerability that could allow hackers to send malicious files, but they are forcing legitimate photos and documents. He also said that he had already told Google the error.
The security bug is a “version management” feature provided by Google. This allows users to download and manage different versions of the file. With this, users can track the changes that have made those changes, including tracking changes made to their Google Drive files. The track even when someone makes edits or comments in Google Docs, renaming a file or folder, uploading a new file to a folder, moving an item or removing an item, and unchecking a file or folder Changes worth doing include tracking.
Nikos stated that this feature could allow users to update a file with a new version that has the same document extension but is not. He said that this feature allows users to update an old file with a new version that may not have the same extension, allowing the malicious executable to be loaded onto an older, valid file.
According to Nikoci, when a malicious file replaces an old file and users preview that file online, they will not be aware of any changes. This makes them vulnerable because they do not know that their legitimate file has been overwritten with the malicious file until it is actually downloaded. This vulnerability can be used by cybercriminals for phishing attacks. What’s more, even when other antivirus software detects or suspects malware, the Chrome browser still relies on files downloaded through Google Drive.
Phishing attacks are those in which users are inadvertently forced to open files containing malware. It is commonly used to collect confidential information from target users.
This revelation from Nikos came on the heels of another reported bug by security researcher Alison Hussain. Hussein said a bug in the Gmail and G Suite servers was allowing hackers to send phishing emails on behalf of any Gmail or G Suite users. This bug has been corrected by Google.