Threat actors are using a Google Docs exploit in a new phishing campaign.A webpage written resembling Google Docs sharing page and uploads it on Google Drive which scans the file and automatically renders the HTML. Top Version of the file is obtained. By the attacker once opened by Google docs
The link is attached and a email link is generated, distributed.when link is clicked, they are redirected to the actual malicious phishing website where their credentials will be stolen through another web page made to look like the Google Login Portal.
Attackers have tried using the functionality of legitimate services to further their own malicious goals such as the spoofing of a DocuSign document which took the user to a fake DocuSign login page,
Google Docs is used very sophistically in this manner and attackers end up with a good chance of bypassing static link scanners that many legacy security products use.
This attack highlights how important it is to use a multi-tiered security architecture aka Defence in depth. This is not the first time when the service has been abused for malicious purposes. Previously, malware and phishery tool like DarkHydrus was also being spread through Google Drive.