According to the system administrator named Nikoci, there is a security vulnerability in Google Drive that allows users to replace standard files with malicious files.
Google Drive, one of the most popular cloud storage services in the world, has a critical vulnerability that allows hackers to download malware on your computer, according to information reported by a system administrator named Nikoci to The Hacker News.
The vulnerability Nikoci said to Google that the vulnerability was still not patched in the last checks, and the vulnerability causes malware to be placed on Google Drive like harmless software and users download these software instead of their original files.
Thanks to the Manage Versions feature, Google Drive users can view which changes were made to the files on which any changes were made, and the old versions. The vulnerability in question also ensures that this feature is fully utilized.
Normally, a file in Google Drive can only be updated with the new version if it has the same extension. However, due to the vulnerability, files can also be updated with files that do not have the same extension. Therefore, users are actually downloading malicious software while trying to access their own harmless files.
According to Nikoci’s statement, it is not very possible for the user to notice this because the malware is embedded in the user’s original file. Importantly before, Google does not warn about the changed extension when the user wants to download the file. Therefore, the user downloads the malicious software to his device without realizing it.
This is not all! Malware does not get installed in the antivirus, as antivirus software often sees files downloaded via Google Drive as an exception. Naturally, when the user opens the file, he runs the malware. It is not yet known when Google will fix this gap.