Google Docs and Google Slides users should be wary. The two web office applications can become attack vectors, despite the protections put in place by Google.
Security researchers at Avanan have identified a worrying vulnerability in Google Docs and Google Slides, two very popular web applications for writing text and creating presentations. The cybercriminals’ modus operandi is very simple.
Google’s security filters don’t detect anything
Hackers add a comment in a Docs or Slides document, targeting their victim with an @ at sign. An e-mail message is then automatically sent to the target person, it contains the entire comment with its text and malicious links. The hacker’s e-mail address is not indicated, only his name: it becomes easy to deceive the victim by pretending to be a relative or a colleague. The latter may then click on the links contained in the message.
Since the email sent by Google contains the viral load, the user does not even have to go to the malicious document. The attacker does not have to share the document either, he just has to indicate the victim by mentioning it with @! The attack is all the more effective since Google’s anti-spam tools detect nothing.
According to Avanan, more than 500 mailboxes in 30 companies were affected by this attack. Google has not, however, stood idly by: fixes have been implemented since October, but it is still insufficient to respond to the dangerousness of this type of attack. Researchers continue to demonstrate that it is always possible to bypass the security filters set up by the search engine.
It is strongly recommended that users monitor Google Docs messages sent to them very closely, and especially not click on questionable links in comments.