A New "Google Drive Phishing" Web Page Campaign Discovered

Elastica Cloud Threat Labs recently discovered a new Google Drive phishing campaign in which an attacker deployed phishing sites on Google Drive. This is not the first time Google Drive has been used for phishing. Last year, the security firm encountered a similar style of Google Drive phishing attack.

Once again, phishers exploited Google’s name to run a phishing campaign aimed at stealing users' Google credentials and gaining access to the multiple services offered by Google.

The new phishing campaign was discovered by security researcher Aditya K. Sood of Elastica Cloud Threat Labs. In this case as well, the phishers used phishing pages hosted on Google Drive that look similar to a Google log-in page and that were served over HTTPS. The use of HTTPS makes the web pages appear more realistic and genuine, and less suspicious to victims.




This campaign has several similarities with a campaign discovered by specialists at Symantec in March 2014: the malicious emails sent by the scammers carry the same subject, “Document,” and the stolen credentials are then uploaded to a third-party server.

The new campaign appeared to the experts to be an evolution of the previous one because of the improved obfuscation techniques the attackers used to hide the phishing pages. The phishers used a JavaScript encryption mechanism to encrypt the code within the phishing pages. The attack scheme is fairly simple: victims receive a fake email from a Gmail address that has likely been compromised. They are asked to click on the embedded link, which redirects to a page hosted in a Google Drive folder. The phishing page looks like a Google log-in form; if the user enters credentials, they are transferred in clear text to a third-party web server, while the user is redirected to a PDF file hosted on another server so as to avoid raising suspicion.


“In this phishing campaign, attackers used stealthy techniques to protect and guard the phishing website code. Using Google Drive for hosting phishing web page content provides the flexibility to use the established trust users have with Google. For instance, during this campaign, the attacker used Gmail to distribute emails containing links to unauthorized web content hosted on Google Drive,” states the post.

The phishers were primarily interested in siphoning the Google credentials of their victims, as explained in the post.

“In an endeavor to maximise advantages, attackers targeted Google users specifically so as to gain access to the multitude of services related to those Google accounts, since Google uses Single Sign On (SSO) procedures,” continues the post.

The specialists found that the phishing emails were able to bypass Google’s detection system because they are sent from a Gmail account and the embedded link points to a legitimate googledrive.com domain.
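
A check that does not depend on sender or link reputation, as an added example (not code from the Elastica post): it takes the rendered DOM of a page served from googledrive.com, since the page source itself is encrypted, and reports where any password form would send credentials. The trusted sign-in host, the sample URL and the sample markup are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Assumption: the only host a genuine Google sign-in form submits to.
TRUSTED_LOGIN_HOSTS = {"accounts.google.com"}
HOSTING_DOMAIN = "googledrive.com"  # hosting domain named in the article

# Constructed sample: rendered DOM of a look-alike log-in page.
SAMPLE_URL = "https://googledrive.com/EXAMPLE-FOLDER/index.html"
SAMPLE_DOM = """
<form method="post" action="http://collector.example/save.php">
  <input type="email" name="Email"><input type="PASSWORD" name="Passwd">
</form>
<form action="/search"><input type="text" name="q"></form>
"""

class FormCollector(HTMLParser):
    """Record each form's action and whether it contains a password field."""
    def __init__(self):
        super().__init__()
        self.forms, self._open = [], None

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self._open = {"action": attrs.get("action") or "", "password": False}
            self.forms.append(self._open)
        elif tag == "input" and self._open is not None:
            if (attrs.get("type") or "").lower() == "password":
                self._open["password"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._open = None

def credential_destinations(page_url, rendered_dom):
    """Submit URLs of password forms on a hosted page that bypass trusted sign-in."""
    host = (urlsplit(page_url).hostname or "").lower()
    if host != HOSTING_DOMAIN and not host.endswith("." + HOSTING_DOMAIN):
        return []  # page is not served from the hosting domain; out of scope
    collector = FormCollector()
    collector.feed(rendered_dom)
    flagged = []
    for form in collector.forms:
        target = urlsplit(urljoin(page_url, form["action"]))
        trusted = target.scheme == "https" and target.hostname in TRUSTED_LOGIN_HOSTS
        if form["password"] and not trusted:
            flagged.append(target.geturl())
    return flagged
```

A form with no `action` resolves to the page's own URL and is still reported, because a password field on user-hosted content is itself the anomaly.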