Beware! Hackers Sending Malicious Links And Exploiting Google Docs, Slides

New Delhi: Hackers are sending malicious hyperlinks by feedback in Google apps like Docs and Slides primarily to Outlook customers — a recognized vulnerability that has not been totally closed or mitigated by Google since final yr, cyber-security researchers have warned. In response to US-based enterprise cybersecurity firm Avanan, hackers are more and more utilizing Google Docs’ productiveness options to slide malicious hyperlinks previous spam filters and cyber safety instruments.

In June final yr, Avanan reported on an exploit in Google Docs that allowed hackers to simply ship malicious phishing web sites to end-users. Now, hackers have discovered a brand new technique to do the identical factor.

“Beginning in December 2021, Avanan noticed a brand new, large wave of hackers leveraging the remark function in Google Docs, concentrating on primarily Outlook customers,” mentioned researcher Jeremy Fuchs.

The remark function throughout the Google suite has turn out to be an assault vector for hackers, he claimed in a report. Avanan mentioned it notified Google of this flaw on January 3, through the report phish by e mail button inside Gmail.

Google was but to react to the report.

In a single such assault, hackers add a remark to a Google Doc. The remark mentions the goal with an ‘@’. By doing so, an e mail is robotically despatched to that individual’s inbox.

ADVERTISEMENT

“In that e mail, which comes from Google, the total remark, together with the unhealthy hyperlinks and textual content, is included. Additional, the e-mail handle is not proven, simply the attackers’ identify, making this ripe for impersonators,” mentioned the report that got here out on Thursday.

“On this e mail assault, hackers discovered a technique to leverage Google Docs, and different Google collaboration instruments, to ship malicious hyperlinks. We primarily noticed it goal Outlook customers, although not solely. It hit over 500 inboxes throughout 30 tenants, with hackers utilizing over 100 totally different Gmail accounts,” it elaborated.

To protect towards these assaults, earlier than clicking on Google Docs feedback, customers ought to cross-reference the e-mail handle within the remark to make sure it is reputable.

“Utilise normal cyber hygiene, together with scrutinising hyperlinks and inspecting grammar and deploy safety that secures all the suite, together with file-sharing and collaboration apps,” mentioned the researchers.