Google Drive Security Flaw Allows Malware to Bypass Gmail Protection

Severity: High (Score: 64.5)

Sources: Techlicious, Cybernews, sg.news.yahoo.com

Summary

A security flaw has been identified in Google's systems that allows malicious files to bypass Gmail's security measures. Research by Ben Ilkashi from Pentera Labs revealed that files flagged as dangerous can be uploaded to Google Drive and shared via Gmail, misleading users with the 'Scanned by Gmail' label. This flaw affects billions of Gmail users, as it enables attackers to deliver malware disguised as safe attachments. Google has confirmed the issue but has not provided a timeline for a fix. Users are advised to treat Google Drive links with caution, similar to direct email attachments. The flaw also removes warning pop-ups that typically alert users before downloading suspicious files from Google Drive. This vulnerability could be exploited in phishing campaigns, leveraging Google's infrastructure to appear legitimate. Key Points: • Malicious files can bypass Gmail security by using Google Drive for sharing. • The 'Scanned by Gmail' label is misleading and does not guarantee safety. • Users should treat Google Drive links with the same caution as direct attachments.

Key Entities

• Malware (attack_type)
• Phishing (attack_type)
• Google (company)
• Pentera Labs (company)
• T1566.001 - Spearphishing Attachment (mitre_attack)
• Gmail (tool)
• Google Drive (tool)
• MacOS (platform)
• Windows Defender (platform)