[BreachExchange] Google Drive Notifications Used to Send Malicious Links to Hundreds of Thousands of Users

Destry Winant destry at riskbasedsecurity.com
Wed Nov 4 10:57:01 EST 2020


https://www.ehackingnews.com/2020/11/google-drive-notifications-used-to-send.html

Cybercriminals are now abusing a legitimate Google Drive collaboration
feature to trick users into clicking on malicious links.

According to recent reports, the attacks originate from Google
Drive's collaboration feature, which lets users generate push
notifications or emails that invite people to share a Google doc.
Attackers are abusing this feature to send mobile users Google
Drive notifications inviting them to collaborate on documents that
contain malicious links.

Since they are sent through Google Drive, the notifications originate
from Google's no-reply email address, which makes them appear more
legitimate. Other iterations of the attack are sent by email
(rather than by notification) and include the malicious link
directly in the email. The Google Drive notifications come with
various lures.

Many purport to be "personal notifications" from Google Drive, with one
lure named "Personal Notification No 8482" telling the victim they
haven't signed into their account for some time. These threaten that
the account will be deleted in 24 hours unless they sign in using a
(malicious) link. Another, named "Personal Notification No 0684,"
tells users they have an "important notice" of a financial transaction
that they can view for themselves in their account, using a link.

The attack has targeted countless Google users, according to WIRED.
The report said that the notifications are being sent in Russian or
broken English.

These links take victims to malicious scam websites. WIRED detailed
that one such site flooded users with notifications to click on links
for "prize draws," while other sites told victims to click on such
links to "check their bank account."

Targeted users took to Twitter to warn of the scams, with one
Twitter user saying that 'the only red flag' of the scam was that he
wasn't expecting a shared doc.


With the prevalence of working from home due to the Covid pandemic,
attackers are increasingly abusing collaboration and remote-work
tools, including Google offerings.

Nonetheless, a Google spokesperson told WIRED that the company is
working on new security measures and is currently making strong
efforts to detect Google Drive spam.

