Hackers abuse Google sheets
New 0-day in negligent Google sheets that is YET ANOTHER reason to completely abandon their invasive Workspaces
Hackers abuse Google sheets to impersonate tax authorities
Warning:
If the government emails you asking for money, I can finally legally advise you (for security purposes) to ignore them.
Negligent Vulnerability
Remote Code
There’s a new 0-day in negligent Google sheets that is YET ANOTHER reason to completely abandon their invasive Workspaces. The bug allows hackers to remotely mass email, by enabling a Python script to masquerade as a PDF on Windows, from Google sheets. [1][2] Hackers have been abusing this to impersonate government officials and ravage private businesses in many countries. And since use of their Workspace products is so common among many institutions, this has serious risks for stolen funds (on top of regularly scheduled government theft).
Command & Control
According to Bleeping Computer, “Google Sheets is used as a command and control server, pinging it to get new commands to execute on the infected device and as a repository for stolen data”. [2] This is surprising to see this type of attack has not been fixed, given that a year ago Chinese hackers abused Google Sheets as a command and control in a similar way. [4]
Rampant
Not only is it the government, but hackers are also targeting insurance, aerospace, transportation, academia, finance, technology, industrial, healthcare, automotive, hospitality, energy, media, manufacturing, telecom, and social benefit organizations. [1]
Windows Only
“Web Integrity”
The Google sheets bug is only able work if you’re using Microsoft Windows. Ironically, Google came under heat a year ago for trying to have Chrome force the operating system to attest that it’s a “secure environment” (called Web Environment Integrity API) [3], which would lock Linux users out of many services as there’s no company to verify identities.
Irony
But now, ironically Google sheets is only vulnerable on what they told us was the secure environment of Windows. Just imagine if Chrome’s plans to haze Linux had went through, how much worse this current situation would be.
So I once again urge you to transition to Linux. And:
For your safety, please ignore emails from governments
The sources for this article can be found here
If you really want to learn and take your privacy to the next level, subscribe to our new content via: Nostr, Bastyon, Session, RSS, Ethereum Push
Related Posts
Google's new AI nuclear reactors
Google announced nuclear power reactors for AI.
[SP]
Oct 30, 2024
Linked-In Tyranny Agenda
They want the power to starve you if you don't obey
[SP]
Oct 8, 2024
Google is Totalitarian
Shocking Leaks & Whistleblowers. The key sources you need to persuade your friends and family
[SP]
Oct 4, 2024
Chrome introduces Digital IDs
Warning: Google attempts a huge power grab
[SP]
Sep 12, 2024