Internet-based phrase processor Google Docs is being actively exploited to disguise harmful internet domains, safety analysts have warned.
As found by safety agency Avanan, cybercriminals have discovered a solution to conceal assaults behind customary Google Docs URLs, which could be delivered to victims by way of e mail with out triggering safety software program.
The loophole could be exploited to redirect victims by to malicious internet pages, which might be set as much as siphon private particulars and account credentials, or rigged with malware.
“Hackers are bypassing static link scanners by hosting their attacks in publicly known services,” explained Avanan. “We now have seen this previously with small companies like MailGun, FlipSnack and Movable Ink, however that is the primary time we’re seeing it by a serious service like Google Drive/Docs.”
Google Docs exploit
Though there are just a few hoops for attackers to leap by, Avanan says the assault is straightforward to execute “as a result of Google does many of the work”.
Step one is to code a webpage that mimics the Google Docs structure and branding, containing a hyperlink that redirects to a malicious web site. Attackers then add this HTML file to Google Docs, which renders the web page.
By abusing the “Publish to the net” perform, attackers can create a hyperlink that appears an identical to every other file-sharing hyperlink and is subsequently capable of bypass e mail safety protections designed to weed out harmful internet addresses.
Disguising the area behind a Google Docs hyperlink additionally improves the probability a consumer will click on by and land, in the end, on the web page outfitted with information-stealing capabilities.
To protect in opposition to an assault of this sort, Avanan suggests companies deploy a multi-tiered safety structure able to figuring out uncommon exercise on the community. The recommendation for finish customers, in the meantime, is to at all times scrutinize the sender’s e mail tackle for abnormalities that may betray a rip-off.
Google didn’t reply instantly to questions on whether or not the corporate is working to dam off the assault vector.