A system administrator has found a vulnerability in Google Drive that allows you to quietly replace a file of any extension with a malicious one.
A security vulnerability in Google Drive could be used by attackers to spread malicious files disguised as images, allowing fraudsters to successfully launch attacks.
The problem, which Google is aware of but sadly isn’t fixing, is in the "versioning" feature, which allows users to upload and manage different versions of a file.
The vulnerability allows changing the extension of a file uploaded under the guise of a new version of the file. The user can upload a file with any extension and content under the guise of a new version. Thus, it is possible to replace, for example, a PDF file, with an executable .exe file with malicious content.
System administrator A. Nikochi, who found this vulnerability, created several demo videos in which he clearly demonstrated how a legitimate version of a file can be replaced with malware.
As shown in the demo videos, after replacing a file with a malicious one, the Google Drive preview shows neither the threat nor the fact that the file has been replaced.
Needless to say, the issue leaves the door open for highly effective spear phishing campaigns that exploit vulnerabilities in popular cloud services like Google Drive to spread malware.
Development began after Google recently patched a security flaw in Gmail that could allow an attacker to send fake emails impersonating any Gmail or G Suite client, even with strict DMARC/SPF security policies enabled.