Sharing Files Or Malware? Why Users Must Stay Vigilant Even When Collaborating

October 15, 2020

IT researchers have discovered a flaw in Google Drive's "manage files" feature that can open the door to malware infection.

According to one system administrator, a hacker could "update" a file to a newer version that contains a malicious program. The Google Drive system apparently does not verify that the updated version contains the same file type or extension. The unsuspecting user, thinking he or she is grabbing an update to an existing document, is actually installing malware onto their computer.

Although this type of attack can only target those workers who routinely share documents on Google Drive, those numbers are steadily increasing as more people are working remotely.

Researchers have informed Google about this flaw, but no patch has yet been released. Users can protect themselves by using antivirus software and remaining cautious when retrieving updated files on Google drive, particularly when they are not expected. Jon Fingas "Google Drive flaw may let attackers fool you into installing malware" www.engadget.com (Aug. 22, 2020).

Commentary

Engadget.com updated the above article on August 25 with a response from Google about the apparent flaw. The software giant stated it regularly scan files for viruses and malware before a user can download them into the file storage system, and that hackers cannot avoid this file scan by modifying file attributes. They also maintain that Google Chrome will alert users to known malware even if it comes from Google Drive.

Although this response is reassuring, users cannot ignore the constant threat of phishing. Phishing emails continue to be the most common method of malware infection. As mentioned above, antivirus software is a valuable way to decrease infection risk but cannot replace a user’s continual vigilance in recognizing suspicious emails and files.

Always be wary of an unexpected email even if it looks to have been sent by a coworker or superior in collaboration with a project. In addition, do not hesitate to notify your IT department when you receive a suspect email. Your prompt action to communicate potential threats may prevent someone else from falling for a similar deception.

Finally, your opinion is important to us. Please complete the opinion survey:

Select an Industry