Hackers are abusing Google Docs to bypass security protections


Google Docs makes collaborating in real time with colleagues a seamless experience, but hackers have found ways to leverage these capabilities to send malicious links to unsuspecting users.

Back in June of last year, researchers at Check Point-owned Avanan discovered an exploit in the search giant's office software that allowed an attacker to easily deliver links to phishing sites to end-users. Now though, hackers have discovered a new way to do the exact same thing.

It was reported in October that hackers could use comments in Google Workspace apps like Docs and Slides to easily send malicious links to other users. Although this is a known vulnerability, Google has yet to fully close or mitigate it in the time since.

Beginning in December of 2021, Avanan's researchers observed a new campaign in which a massive wave of hackers leveraged the comment feature in Google Docs to primarily target users of Microsoft's email service Outlook.

Using comments to target Workspace users

According to a new blog post from Avanan, in this attack, hackers are adding comments with malicious links to Google Docs using @ mentions. 

Unlike typical malicious campaigns that rely on emails sent from an attacker to reach potential victims, in this case Google automatically sends an email to the targeted user. These emails contain the full comment, including the malicious link and text. The sender's email address isn't shown, just the attacker's name, which makes it easy to impersonate someone at their organization.
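For mail teams, the practical consequence is that the notification arrives from Google, so the sender cannot be used as a signal and the links in the comment have to be. The following is an added example, not code from Avanan or Google: a Python triage function that picks out comment notifications and lists any links pointing outside an allow-list. The notification sender domain, the allow-list and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

NOTIFY_DOMAIN = "docs.google.com"   # assumption: sender domain of comment notifications
ALLOWED_SUFFIXES = ("google.com", "example-corp.com")  # hypothetical allow-list
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.I)

def host_allowed(host):
    """Match on whole DNS labels so 'docs.google.com.evil.test' is not trusted."""
    host = (host or "").lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in ALLOWED_SUFFIXES)

def triage_comment_mail(raw):
    """Return None for other mail, else the shown name and off-allow-list links."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    if not addr.lower().endswith("@" + NOTIFY_DOMAIN):
        return None
    body = ""
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            data = part.get_payload(decode=True) or b""
            body += data.decode(part.get_content_charset() or "utf-8", "replace")
    links = {u.rstrip(".,;") for u in URL_RE.findall(body)}
    external = sorted(u for u in links if not host_allowed(urlsplit(u).hostname))
    # The display name is chosen by the commenter; it is never evidence of identity.
    return {"display_name": display, "external_links": external,
            "suspicious": bool(external)}

# Constructed sample messages (not captured traffic).
HDR = 'From: "Jane Doe" <comments-noreply@docs.google.com>\nSubject: Comment\n\n'
SAMPLE_BAD = (HDR + "Jane Doe mentioned you in a comment:\n"
              "Please re-validate here https://docs.google.com.login-check.test/verify\n"
              "Open: https://docs.google.com/document/d/EXAMPLE/edit\n")
SAMPLE_OK = HDR + "Looks good. Open: https://docs.google.com/document/d/EXAMPLE/edit\n"
SAMPLE_OTHER = "From: Jane Doe <jane@example-corp.com>\nSubject: Hi\n\nhttps://a.test/\n"

if __name__ == "__main__":
    for name, raw in [("bad", SAMPLE_BAD), ("ok", SAMPLE_OK), ("other", SAMPLE_OTHER)]:
        print(name, triage_comment_mail(raw))
```

The first sample is flagged because its link only begins with a Google hostname; comparing whole DNS labels rather than substrings is what catches it.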

Although the campaign primarily targeted Microsoft Outlook users, they weren't the only people affected: Avanan observed over 500 inboxes across 30 tenants affected, with the attackers responsible using over 100 different Gmail accounts. The cybersecurity firm notified Google of this flaw at the beginning of this month using the "report phish through email" button within Gmail.

To prevent falling victim to this attack and others like it, end users should remain as vigilant when checking and responding to comments in Google Docs, Sheets and Slides as they do when checking their inbox for malicious emails.


Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home. 
