Malware trap: Think twice before you click Google Drive links
August 24, 2020
By Kim Komando
If you’ve found yourself relying on Google’s software ecosystem more than ever these past few months, you’re not alone. Google’s Drive, Docs and G-Suite services make working from home easier when it comes to tasks like collaborating on projects.
In fact, Google took the unprecedented steps of offering its paid G-Suite services like Google Meet for free during the COVID-19 pandemic. Tap or click here to see what Google did to help at-home workers over the past few months.
With so many people relying on Google’s productivity software, hackers are seeing the perfect opportunity to wreak havoc and steal data. And now, security researchers have found a previously undiscovered bug in Google Drive that could allow hackers to swap out legitimate files with malicious ones. Here’s how it works, and what you can do about it.
Google Drive-ing you crazy
According to a report in The Hacker News, an unpatched security flaw in Google Drive is posing a unique risk to users — particularly those working regularly from home.
The issue, which was discovered by system administrator A. Nikoci, is caused by Google Drive’s failure to check different versions of files stored on the cloud. This could potentially allow hackers to swap out normal files in favor of malicious ones, which Google Drive would simply read as an “updated version” of the previous files.
When the issue occurs, Google doesn’t even give you any alerts or updates other than the fact that document has been updated. For at-home workers, this could lead to dangerous scenarios where users go to open the file and are instead treated to a cyberattack.
To make matters worse, Google Drive doesn’t even care if the file type is the same as the previous version. This means that hostile executable programs could be swapped out over harmless documents.
On Aug. 22, Nikoci claimed to notify Google about the security issue. He has not yet received a response and as of the time of this article’s publication, the issue remains unpatched.
How can I protect myself from this security issue?
Because Google seemingly hasn’t taken action to address this problem on its end, the burden once again falls on users to keep themselves safe. The best workaround you can do is to simply be aware of sudden, unexpected changes to your Google Drive files.
If you get one that you weren’t expecting, simply reach out to teammates or coworkers before opening it. Ask them to confirm who, if anyone, may have changed the file. If no one can figure out who did it, it’s probably dangerous.
At that point, your best course of action is to perform a security checkup on your Google Account. Tap or click here to see how to do it.
But for those of us who rely on Google Drive for our own personal use, there won’t be any teammates to confirm the issue with. At that point, your best defense is a solid anti-malware suite that can protect you in real time.
Tap or click here for our favorite free anti-malware programs.
Hopefully, Google responds to the issue and patches it accordingly. Since so many of us depend on its software ecosystem every day, Google Drive is a feature we can’t afford to lose.
https://www.komando.com/tips/cybersecurity/google-drive-malware-flaw/