Hackers abuse Google sheets
Hackers abuse Google sheets to impersonate tax authorities
Warning:
If the government emails you asking for money, I can finally legally advise you (for security purposes) to ignore them.
Negligent Vulnerability
Remote Code
There’s a new 0-day in negligent Google Sheets that is YET ANOTHER reason to completely abandon their invasive Workspaces. The bug allows hackers to send mass emails remotely from Google Sheets by enabling a Python script to masquerade as a PDF on Windows. [1][2] Hackers have been abusing this to impersonate government officials and ravage private businesses in many countries. And since use of their Workspace products is so common among many institutions, this carries a serious risk of stolen funds (on top of regularly scheduled government theft).
Command & Control
According to Bleeping Computer, “Google Sheets is used as a command and control server, pinging it to get new commands to execute on the infected device and as a repository for stolen data”. [2] It is surprising that this type of attack has not been fixed, given that a year ago Chinese hackers abused Google Sheets for command and control in a similar way. [4]
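A defender's view of the polling behaviour quoted above, as an added example that is not from the article or its sources: it flags non-browser processes that contact Google Sheets hostnames at machine-regular intervals. The log format, browser allow-list, thresholds and sample events are assumptions constructed for illustration.

```python
import csv
import io
import ntpath
from collections import defaultdict
from statistics import mean, pstdev

# Assumptions (not from the article): telemetry columns, watched hostnames,
# browser allow-list and thresholds are illustrative choices to tune locally.
SHEETS_HOSTS = {"sheets.googleapis.com", "docs.google.com"}
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe"}
MIN_EVENTS = 4      # need enough connections to measure regularity
MAX_JITTER = 0.2    # stdev/mean of the gaps; low value = machine-like polling

# Constructed sample of endpoint network events (epoch s, host, image, dest).
SAMPLE_LOG = r"""ts,host,image,dest
1000,ws-01,C:\Program Files\Google\Chrome\Application\chrome.exe,docs.google.com
1000,ws-02,C:\Users\alice\AppData\Local\Temp\py\python.exe,sheets.googleapis.com
1060,ws-02,C:\Users\alice\AppData\Local\Temp\py\python.exe,sheets.googleapis.com
1121,ws-02,C:\Users\alice\AppData\Local\Temp\py\python.exe,sheets.googleapis.com
1180,ws-02,C:\Users\alice\AppData\Local\Temp\py\python.exe,sheets.googleapis.com
1241,ws-02,C:\Users\alice\AppData\Local\Temp\py\python.exe,sheets.googleapis.com
1000,ws-03,C:\Tools\report\python.exe,sheets.googleapis.com
1030,ws-03,C:\Tools\report\python.exe,sheets.googleapis.com
1430,ws-03,C:\Tools\report\python.exe,sheets.googleapis.com
1475,ws-03,C:\Tools\report\python.exe,sheets.googleapis.com
"""

def find_sheets_polling(log_text):
    """Return findings for non-browser processes polling Google Sheets."""
    seen = defaultdict(list)
    for row in csv.DictReader(io.StringIO(log_text)):
        image = ntpath.basename(row["image"]).lower()
        if row["dest"].lower() in SHEETS_HOSTS and image not in BROWSERS:
            seen[(row["host"], row["image"])].append(int(row["ts"]))
    findings = []
    for (host, image), stamps in sorted(seen.items()):
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        if len(stamps) < MIN_EVENTS or mean(gaps) == 0:
            continue  # too few events, or duplicate timestamps only
        jitter = pstdev(gaps) / mean(gaps)
        if jitter <= MAX_JITTER:  # evenly spaced requests suggest a beacon
            findings.append({"host": host, "image": image, "events": len(stamps),
                             "period_s": round(mean(gaps)), "jitter": round(jitter, 3)})
    return findings

if __name__ == "__main__":
    print(find_sheets_polling(SAMPLE_LOG))
```

A scheduled reporting job that legitimately uses the Sheets API will also poll regularly, so findings are leads to triage against a list of known automation, not verdicts.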
Rampant
Not only is it the government, but hackers are also targeting insurance, aerospace, transportation, academia, finance, technology, industrial, healthcare, automotive, hospitality, energy, media, manufacturing, telecom, and social benefit organizations. [1]
Windows Only
“Web Integrity”
The Google Sheets bug only works if you’re using Microsoft Windows. Ironically, Google came under fire a year ago for trying to have Chrome force the operating system to attest that it’s a “secure environment” (called the Web Environment Integrity API) [3], which would lock Linux users out of many services as there’s no company to verify identities.
Irony
But now, ironically, Google Sheets is only vulnerable on what they told us was the secure environment of Windows. Just imagine how much worse this current situation would be if Chrome’s plans to haze Linux had gone through.
So I once again urge you to transition to Linux. And:
For your safety, please ignore emails from governments
The sources for this article can be found here