Google Drive ‘Manage Versions’ feature can allow potential hackers to trick victims to install malware or ransomware
Phishing attacks are deadly. A click on a simple innocuous link can result in the hacker taking over your computer remotely. But what can a victim do if the hacker abuses a Google Drive feature to trick you into downloading malware/ransomware?
According to a security researcher, hackers could use a unique feature in Google Drive to trick users into downloading malware or ransomware. A. Nikoci of Albania informed Google about the unpatched vulnerability in Google Drive’s Manage Versions feature.
Manage Versions in Google Drive is a feature that allows the user to save different versions of a single file. Rather than creating a new file, users can just need to create a named version of that file for reference/sharing or printing.
However, Nikoci found that this feature could be exploited by cybercriminals to make phishing attacks on their targets. They can trick victims to download malware which has been changed using the Manage Versions feature in Google Drive to seem like a legitimate Google Doc or Sheet/PDF/Image.
Manage Version helps users create a newer version of the file for future reference. Suppose a user has a sheet called Event and somebody edits it on the shared drive, they will name the edited file Event 2, and so on. Normally only edited versions should be allowed to be renamed but the flaw in Google Drive allows the user to upload a new file having the same name and extension and rename it using Manage Versions feature. Potential hackers could abuse this flaw to upload malware and rename it as Event 2 which the victim could click and download the payload.
PoC of the Google Drive vulnerability
Nikoci has put up three videos detailing the Google Drive Manage Versions flaw.
“Google lets you change the file version without checking if it’s the same type,” Nikoci told The Hacker News. “They did not even force the same extension.”
It is not known whether Google has patched this serious flaw.