Google Docs Comments Exploit

Industry: N/A | Level: Strategic | Source: Avanan

Avanan's research for exploiting Google App's comment feature to distribute malware was shared in June 2021. However, the method was observed in the wild starting in December 2021. This attack method involves abusing the comment feature in apps such as Google Docs, Slides, and as stated simply from Avanan, "The comment mentions the target with an @. By doing so, an email is automatically sent to that person’s inbox. In that email, which comes from Google, the full comment, including the bad links and text, is included. Further, the email address isn’t shown, just the attackers’ name, making this ripe for impersonators." While not exclusive to Outlook users, the attack has had the largest impact on that user group as metrics shared identified 500 inboxes across 30 tenants impacted by hackers utilizing over 100 unique Gmail accounts.