Google Drive has hundreds of thousands of users across the world. But, now is the time to be vigilant. Google Drive has a bug that will fool users into installing malware.
An unpatched flaw in Google Drive allows hackers to issue malicious files disguised as legitimate files on systems nationwide.
What’s worse? Users can be fooled into installing this malware.
Google Drive security flaw allows hackers to fool users
Cloud storage services like Google Drive have become more and more popular. Not only do they provide extra storage space but the great thing about them is that they can be accessed anytime and anywhere. All you need is a stable internet connection.
Now, Google Drive has a flaw that allows hackers to fool users into installing malware as per the system administrator, Nikoci. According to the system admin, Google is already aware of this security flaw.
Additionally, hackers can use this loophole to issue malicious or corrupt files that are disguised as legitimate documents and files.
The problem with this malware is that it is very difficult to distinguish and it does not raise any red flags. So, users will not know that they are already handling this malicious file until they have actually installed it.
Moreover, Google’s Chrome browser completely trusts Drive downloads even when many other third-party antivirus software sets off alarm bells.
The way that the malware is distributed can be used for spear phishing attacks – tricking the users into giving hackers access into their systems.
And the worse part of it all? Users will continue downloading files without realizing the threat.
The bug is found in Google Drive’s Manage Versions feature
The security bug in question is in Google Drive’s Manage Versions feature.
This feature allows users to upload files and manage different versions of a file. With this feature, users can monitor any changes made to their files on Google Drive, including those who’ve actually made the changes.
The changes in the file include tracking when someone has edited or commented in Google Docs, renamed a file or folder, or uploaded new files to a certain folder.
Users can also see if items were moved or removed. Additionally, users can see when someone has shared or unshared a file or folder in Google Drive.
More about the Manage Versions feature bug
According to reports, when a certain file is being replaced through Manage Versions, Google Drive will not enforce the same extension.
The feature is supposed to replace older files only if the new ones are of the same extension, Nikoci said. However, that’s not the case.
The online preview does not warn users or raise any alarms when files are replaced with malicious files. Users will be shocked to find that they have installed malware, but only after the fact.
Google has not issued an official statement regarding the issue yet. The tech giant has just recently fixed a high-severity flaw in its latest Chrome browser version which can potentially lead to code execution.