Google Drive Features a Vulnerability That Could Allow Threat Actors to Distribute Malicious Files

On August 22, 2020, details were released regarding an unpatched vulnerability that is associated with Google Drive. This vulnerability resides on the “manage versions” feature in Google Drive which allows users to upload and manage different versions of a file and also resides in the interface that provides a new version of the files to the users. A security researcher identified that the feature allows users to upload a new version with any file extension for any legitimate file stored on Google Drive. As a result, threat actors could upload malicious executable files on Google Drive. Threat actors could also exploit this vulnerability to carry out spear-phishing campaigns that contain links to malicious files hosted on Google Drive and use those to distribute malware.

Researchers observed that the Google Chrome browser appears to completely trust any file downloaded from Google Drive, even if the file has been flagged as “malicious” by an anti-malware solution. At the time of writing, there is no evidence to confirm that the vulnerability has been exploited by the threat actors in the wild and it is unclear when Google will address the vulnerability.

Nuspire recommends the use of following measures to help mitigate against phishing campaigns:

• Provide phishing and social engineering training to the employees
• Use reputable next-gen antivirus solutions
• Maintain up-to-date antivirus signatures and engines
• Use a dedicated email service with strong malware filtering
• Validate the sender’s email address and verify any links or attachments
• Use password managers and enforce multi-factor authentication (MFA) to employee accounts