A new kind of phishing attack has been demonstrated against Google Drive, the service we use to store files safely. Here is the trick an attacker can use to get information from a victim through Google Docs.


Security researcher Christy Philip Mathew demonstrated it by combining clickjacking and CSRF vulnerabilities in Google Drive, which allow an attacker to create a document in the victim's own Drive and use it for a phishing attack.


What is ClickJacking?


Clickjacking (User Interface redress attack, UI redress attack, UI redressing) is a malicious technique of tricking a Web user into clicking on something different from what the user perceives they are clicking on, thus potentially revealing confidential information or taking control of their computer while clicking on seemingly innocuous web pages. 


It is a browser security issue that is a vulnerability across a variety of browsers and platforms. A clickjack takes the form of embedded code or a script that can execute without the user’s knowledge, such as clicking on a button that appears to perform another function. The term “clickjacking” was coined by Jeremiah Grossman and Robert Hansen in 2008. Clickjacking can be understood as an instance of the confused deputy problem (clickjacking description from Wikipedia).
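Whether a page can be framed by another site at all is decided by its response headers: `X-Frame-Options` and the CSP `frame-ancestors` directive. The following header audit is an added example, not part of the original post or the researcher's POC; the function name `framingPolicy` and the sample responses are assumptions made for illustration, and it assumes one policy per `Content-Security-Policy` header value.

```javascript
// Added example: audit one HTTP response's headers for anti-framing protection.
// Header names are matched case-insensitively; framingPolicy is a hypothetical helper.
function framingPolicy(headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);

  // CSP frame-ancestors takes precedence over X-Frame-Options when both are sent.
  const csp = h['content-security-policy'];
  if (csp) {
    for (const directive of csp.split(';')) {
      const [name, ...sources] = directive.trim().split(/\s+/);
      if (name.toLowerCase() !== 'frame-ancestors') continue;
      const lower = sources.map((s) => s.toLowerCase());
      // "*" or a bare scheme such as "https:" lets any site on that scheme frame the page.
      if (lower.some((s) => s === '*' || /^[a-z][a-z0-9+.-]*:$/.test(s))) {
        return { verdict: 'weak', via: 'csp', detail: 'frame-ancestors allows arbitrary origins' };
      }
      // An empty source list matches nothing, the same as 'none'.
      return { verdict: 'protected', via: 'csp', detail: lower.join(' ') || "'none'" };
    }
  }

  const xfo = h['x-frame-options'];
  if (xfo) {
    // Repeated headers arrive comma-joined; collapse duplicates before judging.
    const values = [...new Set(xfo.split(',').map((v) => v.trim().toUpperCase()))];
    if (values.length === 1 && (values[0] === 'DENY' || values[0] === 'SAMEORIGIN')) {
      return { verdict: 'protected', via: 'x-frame-options', detail: values[0] };
    }
    // ALLOW-FROM is obsolete and ignored by current browsers; mixed values are a misconfiguration.
    return { verdict: 'weak', via: 'x-frame-options', detail: `unreliable value: ${xfo}` };
  }

  // A Report-Only policy logs violations but never blocks framing.
  const reportOnly = /frame-ancestors/i.test(h['content-security-policy-report-only'] || '');
  return { verdict: 'unprotected', via: null,
           detail: reportOnly ? 'frame-ancestors is report-only' : 'no anti-framing header' };
}

// Constructed sample responses.
const samples = [
  { 'X-Frame-Options': 'DENY' },
  { 'Content-Security-Policy': "default-src 'self'; frame-ancestors 'self'" },
  { 'Content-Type': 'text/html' },
];
for (const s of samples) console.log(framingPolicy(s).verdict);
```

Any state-changing page that comes back `weak` or `unprotected` deserves a closer look, since those are the pages a UI redress attack can overlay.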


The researcher explained how an attacker could steal all types of the victim's credentials with this phishing attack: the attacker sends the victim a malicious URL for a page containing some buttons that the victim needs to interact with.

The complete demonstration is below, and the POC is here.




This vulnerability is not fixed yet, and we think Google will take care of it. For your information, Google has no service named Google GooPass.
