The attacker does not need the iframe tags and only needs to copy the part with the Google Docs link as shown below: Once published, Google will provide a link with embed tags that are meant to be used on forums to render custom content. Then, the attacker will have to click “Embed” and “Publish”: To make the file render properly to the victim, the attacker has to select “Publish to the Web” from the “File” dropdown menu. Here's what the page would have looked like if the attacker selected “Get link”. Clearly, the attacker wants the top version, with the rendered image. Here’s what the page looks like in Google Docs:
This is the clever bit because if you simply click “Get link” you would only see the source code of the file, not the rendered version. Right-click the uploaded file and open it in Google Docs: Google will be very helpful and once the file is scanned, they will automatically render the HTML.
Write a webpage that resembles a Google Docs sharing page: This attack is actually quite simple to execute mainly because Google does most of the work for the attackers. As you can see, that is not Google’s website.
The attacker wants the victim to “Click here to download the document” and once the victim clicks on that link, they will be redirected to the actual malicious phishing website where their credentials will be stolen through another webpage made to look like the Google Login portal. It’s a custom HTML page made to look like that familiar Google Docs share page. This Google Docs page may look familiar to those who share Google Docs outside of their organization. That link leads to this Google Docs page: Here is what an attack email can look like: You can also change the name of the downloaded file to whatever you want by clicking “Rename”. Avanan analysts have recently discovered an exploit vector in Google Docs that attackers are using to deliver malicious phishing websites to victims. The Save to Google Drive dialog box displays and the downloaded file is saved to your Google Drive account either to the main My Drive location or to the folder you specified. The first time you save a file or webpage to Google Drive using the extension, a dialog box displays asking you to allow the extension to access and use the information listed. To save a downloadable file to your Google Drive account, right-click on a download link and select “Save Link to Google Drive” from the popup menu. Once you’ve made your selections, click the “X” on the Options tab to close it. If you’re downloading Microsoft Office files or comma-separated files, you can automatically convert these files to Google Docs format, by checking the “Convert saved link to Google editor format” box. In the HTML pages section, select the format you want to use when saving webpages.
The Save to Google Drive extension also allows you to save a webpage as an image of the entire page (default), an image of the visible page, raw HTML source, a web archive (MHTML), or even as a Google Document.
We’ll show you how to install, set up, and use the Save to Google Drive extension in Chrome for Windows, but it works the same way on Chrome for macOS and for most common Linux distributions, such as Ubuntu. So, switch to the Google Chrome profile that corresponds to the Google Drive account you want to save files to before using this extension. NOTE: The Save to Google Drive extension saves files to the Google account you are signed in to in Chrome.
The Save to Google Drive extension can also be useful if you’re using Ubuntu Linux, which does not have an official Google Drive client. However, using the Google Drive client uses space on your computer, which isn’t ideal if you’re low on space. If you’re using the Google Drive desktop client for Windows or macOS, you can save downloaded files directly to your local Google Drive folder and they will be uploaded to your Google Drive account automatically.
Google’s Save to Google Drive extension allows you to save downloaded files directly to your Google Drive account, as well as save webpages to Google Drive as images, HTML files, or even Google documents.
However, if you’d rather download files directly to your Google Drive account, there’s an extension for Google Chrome that allows you to do just that. We’ve all downloaded files from the web to our computer.