Google Apps Script vulnerability

Script to exploit cloud users

Proofpoint, a security firm, has uncovered a vulnerability in Google Apps Script which can be used to deliver malware to any user’s machine. Google Apps Script is a scripting language based on JavaScript used across all G Suite products like Docs, Sheets, Slides, and Forms.

“Proofpoint research has found that Google Apps Script and the normal document sharing capabilities built into Google Apps supported automatic malware downloads and sophisticated social engineering schemes designed to convince recipients to execute the malware once it has been downloaded,” Maor Bin, security researcher at Proofpoint, wrote in an advisory.

Proofpoint also warned that this would allow attackers to look for further flaws in SaaS applications and use them to spread their malware.

“We found the vulnerability as part of security research on Google Apps Scripts, not as part of an attack. After reporting it to Google, they made mitigations that prevent threat actors from using it,” Bin said.

This vulnerability would have allowed attackers to deliver malware to the user even without any user interaction.

Although Google has now mitigated the specific attack vector disclosed by Proofpoint, other risks associated with cloud documents and data still exist.

“We appreciate Proofpoint’s contributions and have rolled out changes to address this potential vulnerability. We continuously work to stay ahead of potential threats,” a Google spokesperson said.

The flaw could have been taken advantage of by attackers as follows:

1. The attacker can host the malware on any of the G Suite apps.

2. When a user uses that application, it can cause installable triggers to start.

3. The installable triggers will install the malware in the background; no user interaction is required.

In this way the malware can be installed on a victim’s system without them even realising it.
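
For defenders reviewing scripts bound to shared documents, the following added example (not from Proofpoint's advisory or from Google) scans Apps Script source text for installable-trigger creation and flags triggers that fire when a document is simply used. The sample script and its handler names are constructed; `ScriptApp.newTrigger` and the builder methods shown are the documented Apps Script API.

```javascript
// Added example: review helper for exported Apps Script source (constructed sample).
// One builder call in a chain, allowing one level of nested parentheses in its arguments.
const CALL_RE = /\.\s*(\w+)\s*\((?:[^()]|\([^()]*\))*\)/g;
// ScriptApp.newTrigger('handler') followed by its builder chain.
const TRIGGER_RE =
  /ScriptApp\s*\.\s*newTrigger\s*\(\s*(['"])([^'"]+)\1\s*\)((?:\s*\.\s*\w+\s*\((?:[^()]|\([^()]*\))*\))+)/g;

// Installable events that fire as a side effect of ordinary document use.
const FIRES_ON_USE = new Set(['onOpen', 'onEdit', 'onChange', 'onFormSubmit']);

function findInstallableTriggers(source) {
  const findings = [];
  for (const m of source.matchAll(TRIGGER_RE)) {
    // Top-level builder calls only; calls nested inside arguments are consumed, not listed.
    const calls = [...m[3].matchAll(CALL_RE)].map((c) => c[1]);
    const event = calls.includes('timeBased')
      ? 'timeBased'
      : calls.find((c) => /^on[A-Z]/.test(c)) || null;
    findings.push({
      handler: m[2],                                        // function the trigger will run
      container: calls.find((c) => /^for[A-Z]/.test(c)) || null,
      event,
      created: calls.includes('create'),                    // chain actually registers the trigger
      line: source.slice(0, m.index).split('\n').length,    // 1-based line of the finding
      firesOnDocumentUse: FIRES_ON_USE.has(event),
    });
  }
  return findings;
}

// Constructed sample input, not taken from any real script.
const SAMPLE = `
function setup() {
  ScriptApp.newTrigger('showNotice')
    .forDocument(DocumentApp.getActiveDocument())
    .onOpen()
    .create();
  ScriptApp.newTrigger("refresh").timeBased().everyHours(6).create();
}
function onOpen(e) {} // simple trigger, not installable: ignored
`;

console.log(findInstallableTriggers(SAMPLE));
```

Findings with `firesOnDocumentUse: true` are the ones to review first, since their handlers run when a recipient opens or edits the shared file.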

Though Google has Safe Browsing technology to block phishing and other types of attack sites, this flaw would have enabled Google Drive to host malware for users, since Google Drive has certain limits on Safe Browsing.

Therefore users should be cautious and should not click on links if they don’t know the sender well.

 
