Hackers abuse Google sheets

"New 0-day in negligent Google sheets that is YET ANOTHER reason to completely abandon their invasive Workspaces"

Hackers abuse Google sheets to impersonate tax authorities


Warning:

If the government emails you asking for money, I can finally legally advise you (for security purposes) to ignore them.

Negligent Vulnerability


Remote Code

There’s a new 0-day in negligent Google Sheets that is YET ANOTHER reason to completely abandon their invasive Workspaces. The bug allows hackers to send mass email remotely from Google Sheets by enabling a Python script to masquerade as a PDF on Windows. [1][2] Hackers have been abusing this to impersonate government officials and ravage private businesses in many countries. And since Workspace products are so widely used by institutions, this creates a serious risk of stolen funds (on top of regularly scheduled government theft).

Command & Control

According to Bleeping Computer, “Google Sheets is used as a command and control server, pinging it to get new commands to execute on the infected device and as a repository for stolen data”. [2] It is surprising that this type of attack has not been fixed, given that a year ago Chinese hackers abused Google Sheets for command and control in a similar way. [4]
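One way a defender could hunt for the polling behaviour described in that quote, as an added example that is not from this article or its sources: flag non-browser processes that contact Google Sheets at a steady interval. The four-field log format, the browser allowlist, the thresholds and the sample records are all assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Hostnames that serve Google Sheets documents and the Sheets API.
SHEETS_HOSTS = {"sheets.googleapis.com", "docs.google.com"}
# Assumption: the only processes expected to reach Sheets in this environment.
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe"}

# Constructed sample records (not real telemetry): time, host, image, destination.
SAMPLE_LOG = r"""
2024-09-02T09:00:00,WS-014,C:\Program Files\Google\Chrome\Application\chrome.exe,docs.google.com
2024-09-02T09:00:05,WS-022,C:\Users\Public\python.exe,sheets.googleapis.com
2024-09-02T09:00:30,WS-031,C:\Tools\backup_agent.exe,docs.google.com
2024-09-02T09:01:05,WS-022,C:\Users\Public\python.exe,sheets.googleapis.com
2024-09-02T09:01:40,WS-022,C:\Users\Public\python.exe,pypi.org
2024-09-02T09:02:07,WS-022,C:\Users\Public\python.exe,sheets.googleapis.com
2024-09-02T09:03:05,WS-022,C:\Users\Public\python.exe,sheets.googleapis.com
2024-09-02T09:04:05,WS-022,C:\Users\Public\python.exe,sheets.googleapis.com
2024-09-02T09:07:10,WS-031,C:\Tools\backup_agent.exe,docs.google.com
2024-09-02T09:07:50,WS-031,C:\Tools\backup_agent.exe,docs.google.com
2024-09-02T09:40:00,WS-031,C:\Tools\backup_agent.exe,docs.google.com
"""


def find_sheets_beacons(log_text, min_hits=4, max_jitter=0.2):
    """Map (host, process) -> mean polling interval in seconds for non-browser
    processes that contact Google Sheets at a steady, machine-like rhythm."""
    seen = defaultdict(list)
    for row in csv.reader(io.StringIO(log_text.strip())):
        if len(row) != 4:
            continue  # skip blank or malformed lines
        ts, host, image, dest = row
        proc = image.rsplit("\\", 1)[-1].lower()
        if dest.lower() in SHEETS_HOSTS and proc not in BROWSERS:
            seen[(host, proc)].append(datetime.fromisoformat(ts))
    findings = {}
    for key, times in seen.items():
        if len(times) < max(min_hits, 2):
            continue  # too few connections to judge regularity
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        # Low relative spread of the gaps means polling on a timer.
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            findings[key] = round(avg, 1)
    return findings


if __name__ == "__main__":
    print(find_sheets_beacons(SAMPLE_LOG))
```

On the constructed sample, only the `python.exe` process on `WS-022` is reported; the irregular `backup_agent.exe` traffic and the browser session are not.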

Rampant

It's not only the government: hackers are also targeting insurance, aerospace, transportation, academia, finance, technology, industrial, healthcare, automotive, hospitality, energy, media, manufacturing, telecom, and social benefit organizations. [1]

Windows Only


“Web Integrity”

The Google Sheets bug only works if you’re using Microsoft Windows. Ironically, Google came under fire a year ago for trying to have Chrome force the operating system to attest that it’s a “secure environment” (called the Web Environment Integrity API) [3], which would lock Linux users out of many services, as there’s no company to verify identities.

Irony

But now, ironically, Google Sheets is only vulnerable on what they told us was the secure environment of Windows. Just imagine how much worse the current situation would be if Chrome’s plans to haze Linux had gone through.

So I once again urge you to transition to Linux. And:
For your safety, please ignore emails from governments


The sources for this article can be found here

[SP]

Sep 2, 2024
