Google Docs makes collaborating in real-time with colleagues a seamless experience, but hackers have found ways to take advantage of these capabilities to send malicious links to vulnerable users.
In June of last year, researchers at Check Point-owned Avanan discovered an exploit in the search giant’s office software that allowed an attacker to easily distribute links to phishing sites to end users. Now, though, hackers have found a new way to do exactly that.
In October it was reported that hackers could use comments in Google Workspace apps like Docs and Slides to easily send malicious links to other users. Although this is a known vulnerability, Google has not yet completely closed or mitigated it.
Beginning in December 2021, researchers at Avanan saw a new campaign in which a massive wave of hackers took advantage of the comment feature in Google Docs, primarily targeting users of Microsoft’s email service Outlook.
Using comments to target Workspace users
According to a new blog post by Avanan, hackers in this attack are using @mentions to add comments with malicious links to Google Docs.
Unlike typical malicious campaigns, which rely on emails sent by an attacker to reach potential victims, in this case Google automatically sends an email to the target user. These emails contain the full comment, including the malicious link and text. However, the sender’s email address is not shown, only the attacker’s name, which makes it easy to impersonate someone in the target’s organization.
Although the campaign primarily targeted Microsoft Outlook users, they were not the only people affected: Avanan saw more than 500 inboxes in 30 tenants affected by attackers using more than 100 different Gmail accounts. The cybersecurity firm notified Google of the flaw earlier this month using the Report phish via email button within Gmail.
To prevent falling victim to this attack and others like it, end users should be as vigilant when checking and responding to comments in Google Docs, Sheets, and Slides as they are when checking their inboxes for malicious emails.