
Google Drive is one of the more trusted cloud services out there, but that doesn’t mean it’s perfect. As system administrator A. Nikoci tells The Hacker News, bad actors can exploit flaws in Google Drive’s “manage versions” feature to trick you into downloading malware.
To demonstrate, A. Nikoci put together a YouTube video that shows the process. To start, the bad actor needs to upload a legitimate file, like a PDF, and create a shareable link for it. Google Drive will do its thing and generate previews and the like, so anyone who follows the link can see what the file contains.
But the next step is where things get nefarious. Google Drive has a “manage versions” feature that lets you update a file and keep the same shareable link. That’s useful if you need to make some changes to a file you’ve already sent out.
It seems Google Drive doesn’t take as close a look at the new file as it did the original. You can swap out the file entirely, even for one with a new extension like .exe, and that doesn’t trigger an update to the preview or to the file name and extension shown on the shared link page.
The only real indications are a change to the file icon (it no longer shows a PDF icon, for instance) and the .exe extension that is revealed when you download the file. Of course, that could be too late for the right kind of malware. Or you might have the “open when finished downloading” option enabled.
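A check a defender could run on a downloaded file before it is opened, comparing the name shown on the share page with what actually arrived. This is an added example, not code from Nikoci or The Hacker News; the function names, finding labels and sample data are assumptions made for illustration.

```python
import os

# Leading bytes ("magic numbers") of a few common formats.
MAGIC = {
    "pdf": b"%PDF-",
    "exe": b"MZ",              # DOS/PE header of Windows executables
    "zip": b"PK\x03\x04",      # also the container for .docx/.xlsx/.pptx
    "png": b"\x89PNG\r\n\x1a\n",
    "jpg": b"\xff\xd8\xff",
}
# Extension -> content family the file should contain.
EXT_FAMILY = {"pdf": "pdf", "exe": "exe", "dll": "exe", "scr": "exe",
              "zip": "zip", "docx": "zip", "xlsx": "zip", "pptx": "zip",
              "png": "png", "jpg": "jpg", "jpeg": "jpg"}

def ext_of(name):
    return os.path.splitext(name)[1].lower().lstrip(".")

def sniff(head):
    # Strict check: the signature must sit at offset 0.
    for family, sig in MAGIC.items():
        if head.startswith(sig):
            return family
    return None

def check_download(displayed_name, downloaded_name, head):
    """Return findings for one download; an empty list means consistent."""
    findings = []
    shown, got = ext_of(displayed_name), ext_of(downloaded_name)
    if shown != got:
        findings.append("extension_changed")   # name on page vs. name on disk
    actual = sniff(head)
    expected = EXT_FAMILY.get(shown)
    if expected and actual != expected:
        findings.append("content_mismatch")    # bytes do not match shown type
    if actual == "exe" or EXT_FAMILY.get(got) == "exe":
        findings.append("executable")
    return findings

# Constructed samples: (name on share page, downloaded name, first bytes).
SAMPLES = [
    ("report.pdf", "report.pdf", b"%PDF-1.7\n"),
    ("report.pdf", "report.exe", b"MZ\x90\x00"),
    ("report.pdf", "report.pdf", b"MZ\x90\x00"),
]

if __name__ == "__main__":
    for shown, got, head in SAMPLES:
        print(shown, "->", got, check_download(shown, got, head))
```

Any non-empty result is a reason to quarantine the file instead of opening it.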
Google Drive doesn’t seem to scan the updated file closely enough to realize it’s malware, even when SmartScreen and other antivirus programs catch the problem. Nikoci says he notified Google of the problem two days ago, but the company hasn’t corrected it.
Here’s hoping that changes soon.
via The Hacker News