Attackers can embed malicious links into documents on docs.google.com and then share them to phish users.
Command and Control
Attackers use docs.google.com to upload commands and have the malware fetch them. GC2 is an open-source tool that utilizes docs.google.com for C&C purposes.