In the attack scenario described by Proofpoint, an attacker uploaded a piece of malware to Google Drive and created a public link. Then, they use Google Docs to send the link to the target user. Appscript triggers can cause malware to be automatically downloaded to their device once the victim attempts to edit Google Docs. Researchers say attackers can use social engineering to persuade targets to execute malware.
Google has introduced new restrictions on simple triggers to stop malware and phishing attacks triggered by opening documents.
Although there is no evidence that this method is being used in the wild, it is not unheard of to abuse Google Apps Script malicious actors. One cybercriminal group using the infamous Carbanak malware used C & C communications services for a time.
“The SaaS platform is still the” Wild West “that threatens actors and defenders.New tools like the Google Apps Script are rapidly adding features, while the threat actors are looking for new ways to abuse these platforms. At the same time, few tools Can detect threats that are generated or distributed by legitimate SaaS platforms, “explains Maor Bin, Proofpoint’s director of threat systems product security research.
He added: “This creates a considerable opportunity for threat actors to take advantage of newly discovered vulnerabilities or to use” bad “practices: using legitimate features for malicious purposes.
Researchers at Proofpoint discovered recently that Google Apps Script could have been abused by malicious hackers to automatically download malware hosted on Google Drive to targeted devices. read more… Engaging post, Read More…
thumbnail courtesy of securityweek.com
If you like to receive more of these curated news alerts then subscribe to my mailing list. and come back soon at https://www.safeharboroncyber.com/Blog/ to read further CyberWisdom Commentaries