Malware is downloading directly from Google Drive


Hackers are now able to download malware to your computer via google drive...

Recent discoveries have shown that Google Drive's document-sharing capabilities can be manipulated to support malware downloads automatically. According to Proofpoint, this is a result from the Google Apps Script which is based on JavaScript. This allows the creation of both standalone web apps and extensions to various elements of the Google Apps SaaS ecosystem.

Here's how it works: the malicious files on Google Drive create a public link and share a faulty Google Doc to drag in certain engineering schemes with the intention of having the victim utilize the malware once it is downloaded. Records have also shown that it IS possible for the malware to activate even without user interaction. These attacks are difficult to detect given that they come from legitimate sources and the links don't contain any malware themselves.

Google attempted to block these phishing and malicious attacks by by adding restrictions and simple triggers that are executed while opening docs. However, research has shown that SaaS (software-as-a-service) platforms can be used to deliver malware to its victims in even more powerful ways than Microsoft Office macros can. Thus, users ought to be wary of files that automatically download via cloud platforms and be wary of the social engineering attacks.