Google Drive carries a vulnerability that hackers can exploit to lure innocent users. According to the news on The Hacker News site; This vulnerability, included in the “manage versions” feature of Drive, enables attackers to replace legitimate files with malicious software.
It is stated that Google Drive does not check whether a file is of the same type or even its attachment. This means that a photo that looks innocent can actually hide a malware file.
A change is not noticed in the online preview or the alarm state is not entered. Therefore, the relevant file may not be noticed until it is downloaded to the problematic computer. It also makes things difficult for Chrome to automatically consider files downloaded from Drive safe. However, it is stated that different antivirus applications can notice the problems here.
It is stated that this vulnerability can be used in baiting attacks and thus users’ systems can be seized. There is a significant danger that users download the infected file unaware of everything after encountering a document update notification. The system administrator, A. Nikoci, who discovered the vulnerability, stated that he notified Google of the situation.
It is possible to avoid this vulnerability that could affect companies using Google Drive by being careful. Scanning files with antivirus software and being suspicious of unexpected file update warnings from Google Drive can save users.