Web-based word processor Google Docs is being actively exploited to disguise dangerous web domains, security analysts have warned.
As discovered by security firm Avanan, cybercriminals have found a way to conceal attacks behind standard Google Docs URLs, which can be delivered to victims via email without triggering security software.
The loophole can be exploited to redirect victims through to malicious web pages, which could be set up to siphon personal details and account credentials, or rigged with malware.
- We've built a list of the best password managers out there
- Check out our list of the best antivirus software around
- Take a look at our list of the best ransomware protection services
“Hackers are bypassing static link scanners by hosting their attacks in publicly known services,” explained Avanan. “We have seen this in the past with small services like MailGun, FlipSnack and Movable Ink, but this is the first time we’re seeing it through a major service like Google Drive/Docs.”
Google Docs exploit
Although there are a few hoops for attackers to jump through, Avanan says the attack is simple to execute “because Google does most of the work”.
The first step is to code a webpage that mimics the Google Docs layout and branding, containing a link that redirects to a malicious site. Attackers then upload this HTML file to Google Docs, which renders the page.
By abusing the “Publish to the web” function, attackers can create a link that looks identical to any other file-sharing link and is therefore able to bypass email security protections designed to weed out dangerous web addresses.
Disguising the domain behind a Google Docs link also improves the likelihood a user will click through and land, ultimately, on the page equipped with information-stealing capabilities.
To shield against an attack of this kind, Avanan suggests businesses deploy a multi-tiered security architecture capable of identifying unusual activity on the network. The advice for end users, meanwhile, is to always scrutinize the sender’s email address for abnormalities that might betray a scam.
Google did not respond immediately to questions about whether the company is working to block off the attack vector.
Google has since provided the following tips to help users shield against this kind of attack:
- Use 2-step verification to reduce the risk of unauthorized access
- Use security keys that allow only the holder to access the account
- Take the Google Security Checkup
- Pay attention to warnings and alerts that appear
- Report suspicious emails and other content to Google
- Here's our list of the best endpoint protection services around