Fake 'Google Safety Centre' Phishing Scam Deploys Malware Disguised as Google Authenticator
Published on August 9, 2024
Google Drive has been abused by malicious actors numerous times in the recent past, as malware campaigns have better rates of success and fewer red flags when legitimate cloud storage services are involved. We’ve seen this abuse by the Raccoon stealer MaaS, the ‘TA416’ hacking group, and the JhoneRAT, and we even saw it being taught to newcomers as a standard method of obfuscation. Now, researcher Rajshekhar Rajaharia informs us that cybercriminals have taken the abuse to “blatant” levels, and content pirates are also joining in the abuse game without fear.
Since Google isn’t scrutinizing or filtering stuff on Drive, people can upload anything they want and share the links with others. Because of the lax practices, pirates are uploading entire collections of illegally downloaded (or at least illegally distributed) copies of films and TV shows, and then opening access to huge numbers of internet users who would like to freely access them.
That would include content that Google has taken down from the search results due to DMCA violations, but still hosts on Drive as if it were just something personal. To make this even more feckless, Google indexes these Drive links on Search, so even if you don’t have a link, you may just use Google Search and find what you’re looking for.
Oftentimes, these links don’t contain the movies, crack files, software downloaders, or whatever else they promise, but malware. In other cases, the Drive folders or ZIP files contain explicit personal images of people who have been compromised by hackers and don’t even know about it.
In most cases, though, the folders are filled with content taken from porn sites that require subscriptions, and the actors are selling access to these massive collections for a very small amount of money. So, essentially, it’s Google-backed piracy.
This is not to say that Google knows about the abuse and doesn’t do anything about it. When they receive a DMCA complaint, they will remove the infringing Drive file(s), but as things get re-uploaded by other accounts, this is far from being an effective measure. Also, in many cases, pirates use ZIP files that aren’t easy to identify as infringing, so they stay around for longer.
Finally, Google Drive’s policies declare that the firm may review content to determine whether it is illegal or violates any policies, and so it may be removed preemptively even without a DMCA complaint. However, this doesn’t seem to be happening at all, as Google may be giving more value to the users’ sense of privacy.
On a final note, from the user’s perspective, when you’re using Google Drive to download something from a public space, you should be very cautious. The service is currently one of the most dangerous and risky file hosting platforms to be found online.
From the creator’s point of view, if you’re using Drive to host anything sensitive, be careful not to set personal images or illegally-obtained videos to “public,” as this will get your files indexed, and people will soon access them via Search.