Google Apps Script Allowed Malicious Hackers to Automate Malware Downloads

Proofpoint Reseachers have discovered that Google Apps Script allowed hackers to automatically download malware uploaded on Google Drive to victums targeted devices.

Since the discovery of this vulnerability to Google, the company has added a specific restricitions on certain Apps scripts that could be abused. Google blocks both installable triggers customizable occasions that cause certain events to happen automatically.

However, the proof of concept ProofPoint was provied to Google. The exploit begun by uploading malicious files and malware executables on Google Drive to which attack could create a public link. Hacker could later share an arbitrary Google Doc to be used as a lure and vehicle for a Google Apps Script that delvers the shared malware. While Proofpoint reseachers frequently observe Google Docs phishing and malware distribution via links to Google Drive URLS.

Google has now imposed new restrictions on simple triggers to block phishing and malware distribution attempts that triggered by opening a doc.