Beware! Hackers are sending malicious links and exploiting Google Docs, Slides

New Delhi: Hackers are mainly sending malicious links to Outlook users via comments in Google apps like Docs and Slides – a known vulnerability that hasn’t been completely closed or mitigated by Google since last year, cyber security researchers have warned. Hackers are increasingly using the productivity features of Google Docs to slip malicious links past spam filters and cybersecurity tools, according to US-based enterprise cybersecurity company Avanan.

In June of last year, Avanan reported on an exploit in Google Docs that allowed hackers to easily deliver malicious phishing websites to end-users. Now, hackers have found a new way to do the same.

Researcher Jeremy Fuchs said, “Since December 2021, Avanan saw a new, massive wave of hackers taking advantage of the comment feature in Google Docs, primarily targeting Outlook users.”

He claimed in a report that the comment feature in Google Suite has become an attack vector for hackers. Avanan said it notified Google of the flaw on January 3 using the “Report phish via email” button within Gmail.

Google was yet to react to the report.

In one such attack, hackers add a comment to a Google Doc. The comment mentions the target with ‘@’. Doing so automatically sends an email to that person’s inbox.

The report, which came out on Thursday, said, “The email, which appears to have come from Google, contains the full comment, including bad links and text. Furthermore, the email address is not shown, only the name of the attackers, making it vulnerable to impersonators.”

“In this email attack, hackers found a way to take advantage of Google Docs and other Google collaboration tools to send malicious links. We saw this primarily targeting Outlook users, though not exclusively. It hit 30 tenants and more than 500 inboxes in the U.S., with hackers accessing more than 100 different Gmail accounts,” it detailed.

To protect against these attacks, before clicking on Google Docs comments, users should cross-reference the email address in the comment to make sure it is valid.

“Use standard cyber hygiene, which includes checking links and inspecting grammar, and deploying security that secures the entire suite, including file-sharing and collaboration apps,” the researchers said.
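
The checks recommended above (inspect the links, look for the commenter's address), shown as an added Python example that is not from Avanan's report or from Google: it triages a comment-notification email, listing links that lead outside the suite's own domains and noting whether any address other than the recipient's appears in the comment. The message layout, the `SUITE_HOSTS` allow list and every name and address in `SAMPLE` are constructed assumptions.

```python
import re
from email import message_from_string, policy
from urllib.parse import urlsplit

# Assumption: registrable domains treated as the collaboration suite itself.
SUITE_HOSTS = ("google.com",)
URL_RE = re.compile(r"https?://[^\s\"'<>)]+", re.I)
ADDR_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")

# Constructed sample, not a captured message; the layout is an assumption.
SAMPLE = """\
From: "Alex Example (Google Docs)" <comments-noreply@docs.example>
To: target@corp.example
Subject: Alex Example mentioned you in a comment
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"

Alex Example mentioned you in a comment in the following document
Quarterly bonus
@target@corp.example please review https://login.portal-update.example/verify

Open: https://docs.google.com/document/d/CONSTRUCTED_ID/edit
"""

def host_is_suite(host):
    """True only for an exact match or a real subdomain of a suite host."""
    host = (host or "").lower().rstrip(".")
    return any(host == h or host.endswith("." + h) for h in SUITE_HOSTS)

def triage(raw):
    """Return links leaving the suite and whether a commenter address is shown."""
    msg = message_from_string(raw, policy=policy.default)
    part = msg.get_body(preferencelist=("plain", "html"))
    body = part.get_content() if part else ""
    # The mention itself contains the recipient's address, so exclude it.
    recipients = set()
    if msg["To"]:
        recipients = {a.addr_spec.lower() for a in msg["To"].addresses}
    urls = [u.rstrip(".,;") for u in URL_RE.findall(body)]
    external = [u for u in urls if not host_is_suite(urlsplit(u).hostname)]
    others = {a.lower() for a in ADDR_RE.findall(body)} - recipients
    return {"external_links": external, "commenter_address_shown": bool(others)}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A message that returns a non-empty `external_links` list together with `commenter_address_shown` set to `False` matches the pattern the report describes and is a candidate for manual review before anyone clicks.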
