Categories: News

Google under attack: Hackers targeted Chrome and Drive

Hackers put Google under attack in the last few days. Thus, they decided to send malicious links to hundreds of thousands of users. So, scammers used one of the Drive features to determine users click on malicious links.

Also, they exploited a zero-day vulnerability, which finally received a patch.

Scammers attacked Google Drive users

Attackers used Google Drive’s collaboration feature. This allows users to invite friends or co-workers to share and cooperate on Google documents, by sending notifications.

Well, attackers found a way to abuse this feature and sent mobile users notifications. But these invited users to collaborate on documents, in which they introduced malicious links.

Their actions seemed legitimate, as the notifications came from Google’s no-reply email address.

Some other times, attackers chose to use simple email messages with the malicious link inside.

Attackers sent most of the notifications in Russian or broken English and used a few lures to trick hundreds of thousands of Google users.

So, these claimed to be “personal notifications” and attackers named the lure either “Personal Notification No 8482” or “Personal Notification No 0684.”

The first one “reminded” to sing into their account. Otherwise account would be deleted in 24 hours. So they should use link, which was, of course, a malicious one.

The second one notified users about an “important notice” of a financial transaction. According to the message, users could see the notice via a malicious link.

Google, forced to patch a new Chrome zero-day

Also, Google released a security update for the Chrome browser, which patched 10 security flaws. One of them was a zero-day vulnerability, which hackers used to have Google under attack.

Google Threat Analysis Group (TAG), which tracks threat actors, discovered the zero-day. Still, the company did not disclose any details about the bug or the group who exploited it.

Afterwards, the company mentioned that the flaw was in the open-source JavaScript engine (V8).

Meanwhile, the company encouraged users to update their browser at least to version 86.0.4240.183, in order to prevent other villains exploit the same flaw.

Laurentiu Titei

Recent Posts

Fix Surface Pro 3 – White Spots on Screen Issue

The other day, we noticed white spots on the screen. For us, a computer screen…

15 hours ago

How to Find the Epson L380 Driver for Windows System

Epson is a renowned name in the printer industry, known for its world-class yet cost-efficient printers, Epson…

1 day ago

Solved: Application Unable to Start Correctly 0xc0000142 Error

The “application unable to start correctly” 0xc0000142 error code is a problem for many Microsoft…

2 days ago

Epson L3250 Driver Install on Windows with Easy Methods

Epson L3250 is a printer highly praised for its fast printing, low running costs, and…

3 days ago

What Is an RPMSG File and How to Open It in Windows

“My client sent me an RPMSG file as an email attachment, but I can’t open…

3 days ago

How to Fix File Explorer Not Opening Windows 11

Is the File Explorer not opening? Understandably, this must be frustrating, especially if finding files,…

4 days ago