Attackers are exploiting Google Docs to conduct phishing and inject malware.
Last October, Avanan reported that hackers could easily send malicious links through comments in Google apps like Docs and Slides. This known vulnerability has not been fully closed or mitigated by Google since then.
In December, however, Avanan observed a new, massive wave of hackers leveraging the comment feature in Google Docs, targeting primarily Outlook users. In this attack, hackers are utilizing productivity features in Google Docs to send malicious content.
In a statement to 9to5google, Google said they are “rolling out additional measures” specifically to prevent this type of spam from being posted in comments on Docs, Slides, and other Google Workspace files. These new preventions are just part of Google’s ongoing efforts to detect and shut down new spam campaigns.
"Weaponizing documents for phishing is a tried and true approach to establishing a foothold into an enterprise, and reinforces one of the fundamental truisms of the field: You can hack the systems or you can hack the humans. As it relates to hacking humans, this is always something of an arms race — adversaries are always pursuing novel ways of tricking humans via some trusted vehicle of delivery, while network defenders manage the fallout," Tim Wade, Technical Director, CTO Team at Vectra, a San Jose, Calif.-based AI cybersecurity company. "At the end of the day, compromised users and systems will occur given time, motivation, and resources on behalf of an adversary — detecting and responding to that inevitability before material damage can be done is the hallmark of an effective security program."