Google Docs is being weaponized by hackers

News
By last updated

Think twice before clicking on that Google Docs link, users warned

Google Docs logo
(Image credit: Google)

Web-based word processor Google Docs is being actively exploited to disguise dangerous web domains, security analysts have warned.

As discovered by security firm Avanan, cybercriminals have found a way to conceal attacks behind standard Google Docs URLs, which can be delivered to victims via email without triggering security software.

The loophole can be exploited to redirect victims through to malicious web pages, which could be set up to siphon personal details and account credentials, or rigged with malware.

“Hackers are bypassing static link scanners by hosting their attacks in publicly known services,” explained Avanan. “We have seen this in the past with small services like MailGun, FlipSnack and Movable Ink, but this is the first time we’re seeing it through a major service like Google Drive/Docs.”

Google Docs exploit

Although there are a few hoops for attackers to jump through, Avanan says the attack is simple to execute “because Google does most of the work”.

The first step is to code a webpage that mimics the Google Docs layout and branding, containing a link that redirects to a malicious site. Attackers then upload this HTML file to Google Docs, which renders the page.

By abusing the “Publish to the web” function, attackers can create a link that looks identical to any other file-sharing link and is therefore able to bypass email security protections designed to weed out dangerous web addresses.

Disguising the domain behind a Google Docs link also improves the likelihood a user will click through and land, ultimately, on the page equipped with information-stealing capabilities.

To shield against an attack of this kind, Avanan suggests businesses deploy a multi-tiered security architecture capable of identifying unusual activity on the network. The advice for end users, meanwhile, is to always scrutinize the sender’s email address for abnormalities that might betray a scam.

Google did not respond immediately to questions about whether the company is working to block off the attack vector.

Update:
Google has since provided the following tips to help users shield against this kind of attack:

  • Use 2-step verification to reduce the risk of unauthorized access
  • Use security keys that allow only the holder to access the account
  • Take the Google Security Checkup
  • Pay attention to warnings and alerts that appear
  • Report suspicious emails and other content to Google
Joel Khalili
Joel Khalili
News and Features Editor

Joel Khalili is the News and Features Editor at TechRadar Pro, covering cybersecurity, data privacy, cloud, AI, blockchain, internet infrastructure, 5G, data storage and computing. He's responsible for curating our news content, as well as commissioning and producing features on the technologies that are transforming the way the world does business.

Read more
Fraude en ligne phishing
Google Search ads are being hacked to steal account info
A fish hook is lying across a computer keyboard, representing a phishing attack on a computer system
Microsoft 365 accounts are under attack from new malware spoofing popular work apps
Fraude en ligne phishing
Google forced to step up phishing defenses following ‘most sophisticated attack’ it has ever seen
Robotic hand clicking on captcha 'I am not a robot'.
Double clicking danger - experts warn just two clicks can let attackers steal your accounts
malware
Google warns of legit VPN apps being used to infect devices with malware
An iPhone sitting on a wooden table
Millions at risk as malicious PDF files designed to steal your data are flooding SMS inboxes - how to stay safe
Latest in Security
Isometric demonstrating multi-factor authentication using a mobile device.
NCSC gets influencers to sing the praises of 2FA
Sam Altman and OpenAI
OpenAI is upping its bug bounty rewards as security worries rise
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Dangerous new CoffeeLoader malware executes on your GPU to get past security tools
China
Notorious Chinese hackers FamousSparrow allegedly target US financial firms
A digital representation of a lock
NYU website defaced as hacker leaks info on a million students
NHS
NHS IT supplier hit with major fine following ransomware attack
Latest in News
Nintendo Switch 2 Joy-Con up-close from app store
Nintendo's new app gave us another look at the Switch 2, and there's something different with the Joy-Con
cheap Nintendo Switch game deals sales
Nintendo didn't anticipate that Mario Kart 8 Deluxe was 'going to be the juggernaut' for the Nintendo Switch when it was ported to the console, according to former employees
Three angles of the Apple MacBook Air 15-inch M4 laptop above a desk
Apple MacBook Air 15-inch (M4) review roundup – should you buy Apple's new lightweight laptop?
Witchbrook
Witchbrook, the life-sim I've been waiting years for, finally has a release window and it's sooner than you think
Amazon Echo Smart Speaker
Amazon is experimenting with renaming Echo speakers to Alexa speakers, and it's about time
Shigeru Miyamoto presents Nintendo Today app
Nintendo Today smartphone app is out now on iOS and Android devices – and here's what it does
More about security
Sam Altman and OpenAI

OpenAI is upping its bug bounty rewards as security worries rise
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.

Dangerous new CoffeeLoader malware executes on your GPU to get past security tools
Nintendo Switch 2 Joy-Con up-close from app store

Nintendo's new app gave us another look at the Switch 2, and there's something different with the Joy-Con
See more latest
Most Popular
Nintendo Switch 2 Joy-Con up-close from app store
Nintendo's new app gave us another look at the Switch 2, and there's something different with the Joy-Con
HP ZBook Ultra G1a
HP's ridiculously fast Ryzen AI Max+ Pro 395 laptop with 128GB RAM goes on sale everywhere in the US, but it won't be cheap
A mobile phone showing the Signal logo in front of a screen showing the app
Signalgate explained: what is Signal, and how secure is the messaging app?
Asus Ascent GX10 Rear
Asus's more affordable version of Nvidia's uber-popular Project Digits snapped at GTC 2025
iPhone 13 mini
The iPhone mini won't be returning, according to rumors – and you think that's a mistake
Sam Altman and OpenAI
OpenAI is upping its bug bounty rewards as security worries rise
cheap Nintendo Switch game deals sales
Nintendo didn't anticipate that Mario Kart 8 Deluxe was 'going to be the juggernaut' for the Nintendo Switch when it was ported to the console, according to former employees
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Dangerous new CoffeeLoader malware executes on your GPU to get past security tools
Amazon Echo Smart Speaker
Amazon is experimenting with renaming Echo speakers to Alexa speakers, and it's about time
Isometric demonstrating multi-factor authentication using a mobile device.
NCSC gets influencers to sing the praises of 2FA