The Google campus in Mountain View, California. (brionv, CC BY-SA 2.0 https://creativecommons.org/licenses/by-sa/2.0, via Wikimedia Commons)
Researchers on Thursday reported that hackers are using standard tools within Google Docs/Drive to lead unsuspecting victims to fraudulent websites, stealing credentials in the process.
In a blog post, Avanan said hackers are bypassing static link scanners by hosting their attacks on publicly-known services.
Gil Friedrich, co-founder and CEO of Avanan, said his team has seen this in the past with small services like MailGun, FlipSnack and Moveable Ink, but this was the first time they’ve seen these type of attacks through a major service like Google.
“Usually, hackers will lead their victims to a legitimate website, which means they have to hack into that site,” said Friedrich. “Here, everything is done within Google in a five-step process.”
According to Avanan blog, once the attacker publishes the lure, “Google provides a link with embed tags that ar ..
Support the originator by clicking the read the rest link below.
