Web-based word processor Google Docs is being actively exploited to disguise dangerous web domains, security analysts have warned.
As discovered by security firm Avanan, cybercriminals have found a way to hide attacks behind standard Google Docs URLs, which can be delivered to victims via email without triggering security software.
The loophole can be exploited to redirect victims through to malicious web pages, which could be set up to siphon personal details and account credentials, or rigged with malware.
“Hackers are bypassing static link scanners by hosting their attacks in publicly known services,” explained Avanan. “We have seen this in the past with small services like MailGun, FlipSnack and Movable Ink, but this is the first time we’re seeing it through a major service like Google Drive/Docs.”
Google Docs exploit
Although there are a few hoops for attackers to jump through, Avanan says the attack is simple to execute “because Google does most of the work”.
The first step is to code a web page that mimics the Google Docs layout and branding, containing a link that redirects to a malicious site. Attackers then upload this HTML file to Google Docs, which renders the page.
By abusing the “Publish to the web” function, attackers can create a link that looks identical to any other file-sharing link and is therefore able to bypass email security protections designed to weed out dangerous web addresses.
Disguising the domain behind a Google Docs link also improves the likelihood a user will click through and land, ultimately, on the page equipped with information-stealing capabilities.
To protect against an attack of this kind, Avanan suggests businesses deploy a multi-tiered security architecture capable of identifying unusual activity on the network. The advice for end users, meanwhile, is to always scrutinize the sender’s email address for abnormalities that might betray a scam.
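As one possible layer in such an architecture, a mail filter can single out "Publish to the web" links for deeper inspection instead of passing them on domain reputation alone. The sketch below is an added example, not Avanan's or Google's code; it assumes published links use a `/d/e/<id>/pub` or `/pubhtml` path on `docs.google.com`, and the sample message and the function name are constructed for illustration.

```python
import re
from email import message_from_string
from urllib.parse import urlsplit

# Assumption: "Publish to the web" URLs have the form /<app>/d/e/<id>/pub or /pubhtml.
PUBLISHED_PATH = re.compile(
    r"^/(document|spreadsheets|presentation)/d/e/[^/]+/(pub|pubhtml)$")
URL_RE = re.compile(r"https?://[^\s\"'<>]+")

def published_doc_links(raw_email):
    """Return Google Docs published-to-web URLs found in any text part of an email."""
    msg = message_from_string(raw_email)
    hits = []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue  # skip multipart containers and binary attachments
        payload = part.get_payload(decode=True) or b""
        body = payload.decode(part.get_content_charset() or "utf-8", "replace")
        for url in URL_RE.findall(body):
            url = url.rstrip(".,)")  # drop trailing sentence punctuation
            parts = urlsplit(url)
            host = (parts.hostname or "").lower()
            # Exact host match only; the path decides whether it is a published page.
            if host == "docs.google.com" and PUBLISHED_PATH.match(parts.path):
                hits.append(url)
    return hits

# Constructed sample message: one published link and one ordinary sharing link.
SAMPLE = """From: "Docs Share" <billing@example.net>
To: user@example.com
Subject: Invoice shared with you
Content-Type: text/html; charset=utf-8

<p>Open <a href="https://docs.google.com/document/d/e/2PACX-EXAMPLEID/pub">the document</a>.</p>
<p>Team notes: https://docs.google.com/document/d/EXAMPLEDOC/edit?usp=sharing</p>
"""

if __name__ == "__main__":
    for link in published_doc_links(SAMPLE):
        print("route for dynamic analysis:", link)
```

A hit is a reason to render and inspect the page, not a verdict, since legitimate documents are also published this way.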
Google did not respond immediately to questions about whether the company is working to close off the attack vector.