Attack Misuses Google Docs Comments To Spew Out Malicious Links – Tripwire

Safety researchers say they've seen a “huge wave” of malicious hackers exploiting the remark function in Google Docs to unfold malicious content material into the inboxes of unsuspecting focused customers.

In keeping with a blog post revealed by Avanan, the feedback performance of Google Docs, in addition to its fellow Google Office web-based functions Google Sheets and Google Slides, is being exploited to ship out malicious hyperlinks.

The flaw could be exploited by cybercriminals to ship messages to simply about any e mail deal with, and but the emails are literally despatched from Google and so might seem reliable.

All a fraudster must do is create a Google doc, spreadsheet, or presentation, and add feedback that tag the meant goal’s e mail deal with. Google sees that as an invite to “helpfully” inform the person that they've been tagged and ship them the doc’s content material (together with any malicious hyperlinks.)

Use of the method to unfold malicious spam and phishing messages not solely makes it tougher for people to find out if an e mail is harmful or not, however can also current further challenges for email-filtering options that deal with Google as a trusted sender.

Avanan researcher Jeremy Fuchs writes that the newest assault he has seen focused Outlook customers – though not completely:

“It hit over 500 inboxes throughout 30 tenants, with hackers utilizing over 100 totally different Gmail accounts.”

The issue is compounded by the emails not containing the attacker’s e mail deal with,

 » Read more from