Google Apps Script Flaw Exploitable Resulting in Malware

Proofpoint in one fresh investigation outlines existing challenges to cyber security that are inbuilt to companies' offerings of SaaS (Software-as-a-Service). One instance is of security flaw found within Google Apps Script which could let cyber attackers to pull down malicious software through Google Drive websites onto their victims' PCs.

The IDC explains that SaaS applications are first type of cloud computing within business organizations, taking into its fold almost 66% of the entire general cloud expenditure, last year. The implication is that they're as well an extremely good medium for hackers seeking novel methods for distributing malicious software that help steal credentials, writes security research chief Maor Bin for threat systems products of Proofpoint.

Incidentally, Google Apps Script, which's one language based on JavaScript, helps create extensions and add-ons to apps within Google's ecosystem that also includes Forms, Slides, Sheets and Docs. While Chrome Web-browser provides code editor, everything about the way scripts are executed via Google servers are available on the authorized Apps Script site. Zdnet.com posted this, January 4, 2018.

The security flaw, a discovery of Proofpoint, is exploitable wherein con artists could utilize it for installing malicious software on a device, albeit the kind of attack hasn't still occurred.

At the foremost, malware executables are uploaded onto Google Drive that hackers may link for public use. After that the attackers distribute one Google Doc connected with the malicious software to target victims while present a message persuading them towards viewing that doc.

Cyber miscreants could exploit the vulnerability in Google Apps Script for serving malware onto their victims' machines. Proofpoint states it doesn't know about attackers who may've actively exploited the Google Apps Script flaw.

Conclusively, utilizing one SaaS app, for instance Google Drive, helps give a completely novel attack area which both consumers and businesses alike require guarding from. Being more-or-less new, many mayn't know about potential danger in a Google document. Moreover, as hackers find it much easier assembling SaaS application assaults in comparison to assaults using macros, it perhaps implies the current technique would get employed more often later while proliferate to Box, G-Suite and Office 365 from Google Drive.

» SPAMfighter News - 1/10/2018