Google Docs makes real-time collaboration with coworkers a seamless experience, but hackers have found ways to use these features to send malicious links to unsuspecting users.
As early as June last year, researchers at Check Point-owned Avanan discovered an exploit in the office software of the search giant that enabled an attacker to easily provide end users with links to phishing sites. Now, however, hackers have discovered a new way to do the exact same thing.
In October it was reported that hackers could use comments in Google Workspace apps like Docs and Slides to easily send malicious links to other users. While this is a known security vulnerability, Google hasn’t fully closed or mitigated it since then.
Starting in December 2021, Avanan’s researchers observed a new campaign in which a massive wave of hackers used the comments feature in Google Docs to primarily target users of Microsoft’s Outlook email service.
According to a new blog post by Avanan, in this …